Alert: New Kubernetes Vulnerabilities Enable Remote Attacks on Windows Endpoints
Three interrelated high-severity security flaws discovered in Kubernetes could be exploited to achieve remote code execution with elevated privileges on Windows endpoints within a cluster. The issues, tracked as CVE-2023-3676, CVE-2023-3893, and CVE-2023-3955, carry CVSS scores of 8.8 and impact...
PT-2023-28233 · Unknown · Pdf-Xchange Editor
Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations. It requires user interaction, such as visiting a malicious page or opening a...
Oracle Linux 5 : gdm (ELSA-2009-1364)
The remote Oracle Linux 5 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2009-1364 advisory. 1:2.16.0-56 - Resolves: 239818 181302 - Fix tcp wrappers detection on 64-bit 1:2.16.0-55 Resolves: 196054 - Fix docs subpackage Requires 1:2.16.0-53 Resolves:...
Oracle Linux 6 / 7 : php54-php (ELSA-2015-1219)
The remote Oracle Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2015-1219 advisory. - core: fix multipart/form-data request can use excessive amount of CPU usage CVE-2015-4024 - fix various functions accept paths with NUL character...
The vulnerability of the Java Protocol Buffers protobuf-java environment library, related to insufficient validation of input data, allows attackers to trigger service failures.
The vulnerability of the Java Protocol Buffers protobuf-java environment library is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service failures remotely...
CVE-2016-15035
A vulnerability was found in Doc2k RE-Chat 1.0. It has been classified as problematic. This affects an unknown part of the file jsonradio-emergency.de/rechat.js. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The patch is named...
Google Chrome Buffer Error Vulnerability
Google Chrome is a web browser from Google, Inc. in the United States. A security vulnerability exists in Google Chrome prior to version 116.0.5845.96, which stems from a heap buffer overflow in the Mojom IDL, which allows remote attackers to exploit heap corruption to gain control of the WebUI...
Zoom ZTP & AudioCodes Phones Flaws Uncovered, Exposing Users to Eavesdropping
Multiple security vulnerabilities have been disclosed in AudioCodes desk phones and Zoom's Zero Touch Provisioning (ZTP) that could be potentially exploited by a malicious attacker to conduct remote attacks. "An external attacker who leverages the vulnerabilities discovered in AudioCodes Ltd.'s des...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in backend/pages/modify.php in Lepton-CMS version 4.7.0, allows remote attackers to execute arbitrary code...
EuroTel ETL3100 Transmitter Default Credentials Vulnerability
EuroTel ETL3100 transmitters use a weak set of default administrative credentials that can be guessed in remote password attacks to gain full control of the system. EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page:...
EuroTel ETL3100 Transmitter Default Credentials
EuroTel ETL3100 Transmitter Default Credentials Vendor: EuroTel S.p.A. | SIEL, Sistemi Elettronici S.R.L Product web page: https://www.eurotel.it | https://www.siel.fm Affected version: v01c01 Microprocessor: socs0t10/ats01s01, Model: ETL3100 Exciter v01x37 Microprocessor: socs0t08/socs0s08, Mode...
EuroTel ETL3100 Transmitter Default Credentials
Summary RF Technology For Television Broadcasting Applications. The Series ETL3100 Radio Transmitter provides all the necessary features defined by the FM and DAB standards. Two bands are provided to easily comply with analog and digital DAB standard. The Series ETL3100 Television Transmitter...
Security Bulletin: IBM OpenPages for IBM Cloud Pak for Data is Vulnerable to JetBrains Kotlin weak security [CVE-2022-24329]
Summary There is a vulnerability in the JetBrains Kotlin open source library used by IBM OpenPages for IBM Cloud Pak for Data. This vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-24329 DESCRIPTION: JetBrains Kotlin could provide weaker than expected security, caused by...
The vulnerability of the Webmin control panel in hosting systems stems from the lack of protective measures for website structures, allowing attackers to carry out XSS attacks.
The vulnerability of the Webmin control panel is related to the lack of measures taken to protect the website’s structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks remotely...
CVE-2023-4183
A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file editupdate.php of the component Password Handler. The manipulation of the argument userid leads to improper access controls. The atta...
PT-2023-5019 · 3S Smart Software Solutions · Codesys Cmpapp
Name of the Vulnerable Software and Affected Versions: CODESYS CMPapp affected versions not specified Description: The issue is related to insufficient input validation in the CMPapp component of CODESYS software products. This can be exploited by a remote attacker to cause a denial of service...
PT-2023-26604 · Unknown · Campcodes Beauty Salon Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Beauty Salon Management System version 1.0 Description: A critical vulnerability has been found in the system. The issue is related to an unknown function of the file /admin/del service.php, where the manipulation of the editid...
CVE-2023-3849
A vulnerability, which was classified as problematic, was found in mooSocial mooDating 1.2. Affected is an unknown function of the file /find-a-match of the component URL Handler. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The identifier of this...
Sql injection
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=article/category/del of the component Delete Category Handler. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been...
Critical Flaws in AMI MegaRAC BMC Software Expose Servers to Remote Attacks
Two more security flaws have been disclosed in AMI MegaRAC Baseboard Management Controller (BMC) software that, if successfully exploited, could allow threat actors to remotely commandeer vulnerable servers and deploy malware. "These new vulnerabilities range in severity from High to Critical,...