837 matches found
Tenda AX12 security vulnerability
Tenda AX12 is a dual-band Gigabit Wi-Fi 6 wireless router designed for home users, supporting dual-band concurrent transmission at up to 2976Mbps. The Tenda AX12 suffers from a buffer overflow vulnerability that originates from the list parameter at /goform/SetVirtualServerCfg that fails to...
Contact Form 7 < 5.8.4 - Authenticated (Editor+) Arbitrary File Upload
Description The Contact Form 7 plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'validate' function and insufficient blocklisting on the 'wpcf7antiscriptfilename' function in versions up to, and including, 5.8.3. This makes it possible f...
CVE-2023-41790
Uncontrolled Search Path Element vulnerability in Pandora FMS on all allows Leveraging/Manipulating Configuration File Search Paths. This vulnerability allows to access the server configuration file and to compromise the database. This issue affects Pandora FMS: from 700 through 773...
PT-2023-28093 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 773 Description: The issue is related to an Uncontrolled Search Path Element vulnerability, which allows for Leveraging/Manipulating Configuration File Search Paths. This vulnerability enables access to the...
CVE-2023-34062
A flaw was found in the Reactor Netty HTTP Server. If the server is configured to serve static resources, an attacker can use a specially crafted URL that may allow unauthorized access to privileged data on the server...
CVE-2023-34997
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-25075
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...
Code injection
Unquoted search path in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...
Design/Logic Flaw
Insecure inherited permissions in the installer for some Intel Server Configuration Utility software before version 16.0.9 may allow an authenticated user to potentially enable escalation of privilege via local access...
CVE-2023-34997
Affected software: Intel Server Configuration Utility (before version 16.0.9). Vulnerability: insecure inherited permissions in the installer, allowing an authenticated user with local access to potentially escalate privileges. Impact: privilege escalation with high impact on confidentiality, int...
CVE-2023-25075
CVE-2023-25075 describes an unquoted search path in the installer of Intel® Server Configuration Utility software pre-16.0.9, which may allow an authenticated local user to escalate privileges. Affected product: Intel Server Configuration Utility installer (before 16.0.9). Remediation: update to ...
Intel Server Configuration Utility software security vulnerability
Intel Server Configuration Utility is a command line utility program from Intel Corporation USA. A security vulnerability exists in the Intel Server Configuration Utility software. An attacker could exploit the vulnerability to cause an elevation of privilege...
PT-2023-25086 · Intel · Intel Server Configuration Utility
Name of the Vulnerable Software and Affected Versions: Intel Server Configuration Utility versions prior to 16.0.9 Description: The issue is related to insecure inherited permissions in the installer for some Intel Server Configuration Utility software. This may allow an authenticated user to...
Intel® Server Configuration Utility Software Installer Advisory
Summary: Potential security vulnerabilities in the Intel® Server Configuration Utility software installer may allow escalation of privilege. Intel is releasing software updates to mitigate these potential vulnerabilities. Vulnerability Details: CVEID: CVE-2023-25075 Description: Unquoted search...
CVE-2023-42802 GLPI vulnerable to unallowed PHP script execution
GLPI is a free asset and IT management software package. Starting in version 10.0.7 and prior to version 10.0.10, an unverified object instantiation allows one to upload malicious PHP files to unwanted directories. Depending on web server configuration and available system libraries, malicious PH...
CVE-2023-46236 FOG SSRF via unauthenticated endpoint(s)
FOG is a free open-source cloning/imaging/rescue suite/inventory management system. Prior to version 1.5.10, a server-side-request-forgery SSRF vulnerability allowed an unauthenticated user to trigger a GET request as the server to an arbitrary endpoint and URL scheme. This also allows remote...
CVE-2023-31416 Elastic Cloud on Kubernetes (ECK) secret token configuration issue
Secret token configuration is never applied when using ECK =8.0. This could lead to anonymous requests to an APM Server being accepted and the data ingested into this APM deployment...