Authentication Bypass

github.com/nats-io/nats-server is vulnerable to Authentication Bypass. The vulnerability occurs when the only account added is the system account $SYS. In this scenario, the nats-server creates an implicit user in $G and designates it as the noauthuser account. This effectively enables the same...

CVE-2023-27316

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

CVE-2023-27316

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

Spoofing

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

CVE-2023-27316 Privilege Escalation Vulnerability in SnapCenter

SnapCenter versions 4.8 through 4.9 are susceptible to a vulnerability which may allow an authenticated SnapCenter Server user to become an admin user on a remote system where a SnapCenter plug-in has been installed...

CVE-2023-44187 Junos OS Evolved: 'file copy' CLI command can disclose password to shell users

An Exposure of Sensitive Information vulnerability in the 'file copy' command of Junos OS Evolved allows a local, authenticated attacker with shell access to view passwords supplied on the CLI command-line. These credentials can then be used to provide unauthorized access to the remote system. Th...

Zyxel P660HN-T1A Routers Command Injection Vulnerability

Zyxel P660HN-T1A routers contain a command injection vulnerability in the Remote System Log forwarding function, which is accessible by an unauthenticated user and exploited via the remotehost parameter of the ViewLog.asp page...

Exploit for Command Injection in Contec Solarview_Compact_Firmware

nmap-CVE-2023-23333-exploit Nmap NSE script to dump /etc/passw...

ARM Mali GPU Kernel Driver < r32p0 / < r35p0 Improper Memory Access (CVE-2021-44828)

The version of the Mali GPU Kernel Driver installed on the remote system is prior to r32p0 running on Midgard architecture or prior to r35p0 running on Bifrost or Valhall architecture. It is, therefore affected by an improper memory access vulnerability. A non-privileged user can get a write acce...

The vulnerability of the IhisiSmm component of the InsydeH2O UEFI firmware creation framework allows a hacker to induce a service failure.

The vulnerability of the IhisiSmm component in the InsydeH2O UEFI firmware creation framework is related to state management errors. Exploiting this vulnerability could allow a remote attacker to cause system failures...

curl: CVE-2023-27534: SFTP path ~ resolving discrepancy

A vulnerability CVE-2023-27534 existed in libcurl's Curlgetworkingpath function, which resolved as remote users' home directory in an undocumented way for the sftp protocol. This could lead to unexpected final paths for sftp access, allowing an attacker with partial path access to gain access to...

The vulnerability of the specialized software development environment SCADAPack Workbench allows a perpetrator to transfer data from local files to a remote system.

The vulnerability of the specialized software development environment SCADAPack Workbench arises from incorrect restrictions on XML references to external objects. This allows attackers to transfer data from local files to a remote system...

CVE-2022-42978

In the Netic User Export add-on before 1.3.5 for Atlassian Confluence, authorization is mishandled. An unauthenticated attacker could access files on the remote system...

CVE-2022-42978

The vulnerability CVE-2022-42978 affects the Netic User Export add-on for Atlassian Confluence prior to version 1.3.5. The root cause is mishandled authorization, allowing an unauthenticated attacker to access files on the remote system. Impact is unauthorized file access. Remediation: upgrade to...

CVE-2022-43774

The HandlerPagePKID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...

CVE-2022-43775

The HICTLoop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...

Sql injection

The HICTLoop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...

Sql injection

The HandlerPagePKID class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...

CVE-2022-43775

The HICTLoop class in Delta Electronics DIAEnergy v1.9 contains a SQL Injection flaw that could allow an attacker to gain code execution on a remote system...

CVE-2022-22239

An Execution with Unnecessary Privileges vulnerability in Management Daemon mgd of Juniper Networks Junos OS Evolved allows a locally authenticated attacker with low privileges to escalate their privileges on the device and potentially remote systems. This vulnerability allows a locally...