5655 matches found
CVE-2024-2497
A vulnerability was found in RaspAP raspap-webgui 3.0.9 and classified as critical. This issue affects some unknown processing of the file includes/provider.php of the component HTTP POST Request Handler. The manipulation of the argument country leads to code injection. The attack may be initiate...
Mobatek MobaXterm < 8.3 (CVE-2015-7244)
The version of Mobatek MobaXterm installed on the remote host is prior to 8.3. It is, therefore, affected by a vulnerability as referenced in the CVE-2015-7244 advisory. - The default configuration of the server in MobaXterm before 8.3 has a disabled Access Control setting and consequently does n...
CVE-2023-46426
Heap-based Buffer Overflow vulnerability in gpac version 2.3-DEV-rev588-g7edc40fee-master, allows remote attackers to execute arbitrary code and cause a denial of service DoS via gffwrite component in at utils/osfile.c...
PT-2024-10208 · Ibm · Ibm Security Reaqta
Name of the Vulnerable Software and Affected Versions: IBM Security ReaQta version 3.12 Description: The issue is related to weaknesses in the authentication procedure of IBM Security ReaQta, which could allow a remote attacker to disclose protected information. Specifically, IBM Security ReaQta...
Sql injection
A vulnerability classified as critical has been found in keerti1924 Online-Book-Store-Website 1.0. This affects an unknown part of the file /shop.php of the component HTTP POST Request Handler. The manipulation of the argument productname leads to sql injection. It is possible to initiate the...
BIT-DRUPAL-2020-9281
A cross-site scripting XSS vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment with the ckeprotected syntax...
Oracle Linux 9 : openssh (ELSA-2024-1130)
The remote Oracle Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-1130 advisory. - Fix Terrapin attack CVE-2023-48795 Resolves: RHEL-19764 Tenable has extracted the preceding description block directly from the Oracle Linux security...
PT-2024-2136 · D Link · D-Link Gortac750 A1 Fw V101B03
Name of the Vulnerable Software and Affected Versions: D-Link GORTAC750 A1 FW v101b03 Description: A Cross-site scripting XSS vulnerability in components such as dlapn.cgi, dldongle.cgi, dlcfg.cgi, fwup.cgi, and seama.cgi allows remote attackers to inject arbitrary web script or HTML via the url...
Ubuntu 20.04 LTS / 22.04 LTS : php-guzzlehttp-psr7 vulnerabilities (USN-6670-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6670-1 advisory. It was discovered that php-guzzlehttp-psr7 incorrectly parsed HTTP headers. A remote attacker could possibly use these issues to perform an...
Sql injection
A vulnerability was found in SourceCodester Employee Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /myprofile.php. The manipulation of the argument id with the input 1%20or%201=1 leads to sql injection. The attack may be...
Liferay Portal Frontend JS module's portlet.js and Liferay DXP vulnerable to Cross-site Scripting
Cross-site scripting XSS vulnerability in the Frontend JS module's portlet.js in Liferay Portal 7.2.0 through 7.4.3.37, and Liferay DXP 7.4 before update 38, 7.3 before update 11, 7.2 before fix pack 20, and older unsupported versions allows remote attackers to inject arbitrary web script or HTML...
GHSA-3MRR-CW9Q-727M Liferay Vulnerable to Open Redirect via Adaptive Media Administration Page
Open redirect vulnerability in adaptive media administration page in Liferay DXP 2023.Q3 before patch 6, and 7.4 GA through update 92 allows remote attackers to redirect users to arbitrary external URLs via the comliferayadaptivemediawebportletAMPortletredirect parameter...
CVE-2024-25608
HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7.4 before update 19, 7.3 before update 4, 7.2 before fix pack 19, and older unsupported versions can be circumvented by using the 'REPLACEMENT CHARACTER' U+FFFD, which allows remote...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK may affect IBM Storage Scale
Summary There are vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by IBM Storage Scale. This issue was disclosed as part of the IBM Java SDK updates in October 2023. Vulnerability Details CVEID:CVE-2023-22081 DESCRIPTION: An unspecified vulnerability in Java SE related to the...
PT-2024-1868 · Microsoft · Dynamics 365
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 on-premises affected versions not specified Description: The issue is related to a lack of protection measures for the web page structure in Microsoft Dynamics 365, allowing for cross-site scripting attacks. An attacker...
Rocky Linux 8 : openssh (RLSA-2024:0606)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2024:0606 advisory. - The SSH transport protocol with certain OpenSSH extensions, found in OpenSSH before 9.6 and other products, allows remote attackers to bypass integrit...
RHEL 9 : kernel (RHSA-2024:0448)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0448 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: bpf: Incorrect verifier prunin...
The vulnerability of the Nginx UI server’s user interface allows attackers to cause service failures, increase their privileges, and expose sensitive information.
The vulnerability of the Nginx UI server’s user interface is related to the lack of measures taken at the management level to clean data. Exploiting this vulnerability can allow a remote attacker to cause service failures, increase their privileges, and expose sensitive information through a...
PT-2024-10089 · Drupal · Drupal Swift Mailer
Name of the Vulnerable Software and Affected Versions: Drupal Swift Mailer versions . Description: The issue is related to an Exposed Dangerous Method or Function vulnerability in Drupal Swift Mailer, which allows Resource Location Spoofing. This can be exploited by a remote attacker to perform...
Side Channels Are Common
Really interesting research: "Lend Me Your Ear: Passive Remote Physical Side Channels on PCs." Abstract: We show that built-in sensors in commodity PCs, such as microphones, inadvertently capture electromagnetic side-channel leakage from ongoing computation. Moreover, this information is often...