12 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via insufficient validation of the subDir parameter in volume identifiers. An attacker can cause unintended directories on the NFS server to be deleted or modified by crafting volume identifiers containing path...
n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
Summary A stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the top-level window, rather than within the expected sandbox introduced ...
EUVD-2020-2741
Malware in sbrugna...
CVE-2024-9471
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...
CVE-2024-9471
CVE-2024-9471 affects Palo Alto Networks PAN-OS XML API. An authenticated administrator with restricted privileges can use a compromised XML API key to perform actions as a higher-privileged administrator (e.g., a read-only virtual-system admin could write changes). The issue arises from privileg...
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...
SAP BusinessObjects Business Intelligence Platform Security Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP Germany. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly...
CVE-2022-24039
A vulnerability has been identified in Desigo PXC4 (All versions < V02.20.142.10-10884), Desigo PXC5 (All versions < V02.20.142.10-10884). The “addCell” JavaScript function fails to properly sanitize user-controllable input before including it into the generated XML body of the XLS report document, such...
PT-2022-2567 · Siemens · Desigo Pxc4 +1
Name of the Vulnerable Software and Affected Versions: Desigo PXC4 versions prior to V02.20.142.10-10884; Desigo PXC5 versions prior to V02.20.142.10-10884. Description: A vulnerability has been identified in the addCell JavaScript function, which fails to properly sanitize user-controllable input...
Design/Logic Flaw
The main user account has restricted privileges but is in the sudoers group, and there is no mechanism in place to prevent sudo su or sudo -i from being run, gaining unrestricted access to sensitive files, encryption, or to issue orders that disrupt robot operation...
Microsoft Windows Kernel-Mode Driver RCE Vulnerabilities (3036220)
This host is missing a critical security update according to Microsoft Bulletin MS15-010. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Microsoft Windows Kernel-Mode Driver Privilege Elevation Vulnerability (3019215)
This host is missing an important security update according to Microsoft Bulletin MS15-008...