997 matches found
ASB-A-343714914
In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-8456
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...
PLANET switch devices access control error vulnerability
PLANET switch devices are a series of switch devices from PLANET Corporation in China. An access control error vulnerability exists in PLANET switch devices, which stems from a lack of proper access control for the firmware upload and download functions, allowing an unauthenticated, remote attack...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software formerly known as Cardwizard 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file i.e. WebAPI.cfg.xml after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...
Accellion FTA Statecode Cookie Arbitrary File Read
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule "Accellion FTA 'statecode' Cookie Arbitrary File Read", 'Description' = %q This module exploits a file disclosure vulnerability in the Accellion...
CVE-2024-43442
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...
UBUNTU-CVE-2024-43442
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...
CVE-2024-43442
CVE-2024-43442 describes a Cross-Site Scripting (XSS) vulnerability in OTRS/System Configuration where an attacker with admin privileges can target other admins due to improper input neutralization. Affected versions include OTRS 7.0.X–7.0.50, 8.0.X, 2023.X, 2024.X–2024.5.X, and ((OTRS)) Communit...
CVE-2024-43442 Stored XSS in System Configuration
Improper Neutralization of Input done by an attacker with admin privileges 'Cross-site Scripting' in OTRS System Configuration modules and OTRS Community Edition allows Cross-Site Scripting XSS within the System Configuration targeting other admins. This issue affects: OTRS from 7.0.X through...
PT-2024-5943 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.50; OTRS version 8.0.X; OTRS version 2023.X; OTRS versions 2024.X through 2024.5.X; OTRS Community Edition version 6.0.x. Description: The issue exists due to improper neutralization of input, allowing an attacker...
CVE-2024-42472
Flatpak is a Linux application sandboxing and distribution framework. Prior to versions 1.14.0 and 1.15.10, a malicious or compromised Flatpak app using persistent directories could access and write files outside of what it would otherwise have access to, which is an attack on integrity and...
Information Exposure
pimcore/admin-ui-classic-bundle is vulnerable to Information Exposure. The vulnerability is due to the exposure of installation and system details to logged-in users at /admin/index/statistics, which allows them to gain insights into the system's configuration and potential weaknesses...
The vulnerability of the I/O Trace Tool (formerly NI-Spy) detection and analysis utility for applications within the System Configuration package allows a hacker to execute arbitrary code by causing an operation to go beyond the buffer boundaries in memory.
The vulnerability of the I/O Trace Tool (formerly NI-Spy) detection and analysis utility in the System Configuration package is related to the execution of operations outside of the buffer in memory. Exploiting this vulnerability could allow an attacker to execute arbitrary code using a specially...
CVE-2024-5602 Stack-based Buffer Overflow Vulnerability in NI I/O Trace Tool
A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an attacker to provide a user with a specially crafted nitrace file. The NI I/O Trace tool is installed as part of the NI...
Unable to set DefaultReuseMachinesWithoutShutdownInOutage using PowerShell command
While running the PowerShell command "Set-BrokerSite -DefaultReuseMachinesWithoutShutdownInOutage $true" in a Citrix Virtual Apps and Desktops (CVAD) 2203 LTSR environment, the following error was shown: "A required feature is disabled by the system configuration"...
CVE-2024-23794
CVE-2024-23794 affects OTRS and describes an incorrect privilege assignment vulnerability in the inline editing functionality that can enable a read-only agent to gain full access to a ticket when the system configuration’s inline editing setting (AgentFrontend::Ticket::InlineEditing::Property###...
The vulnerability of the software for calculating the positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager lies in the presence of undocumented configuration commands. This allows an intruder to obtain information about the system’s configuration.
The vulnerability of the software for calculating the positions of individual RTLS transponders in the SIMATIC RTLS Locating Manager is related to the presence of undocumented configuration commands. Exploiting this vulnerability could allow an attacker to obtain information about the system’s...
CVE-2024-4576
The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information...
CVE-2024-4576 TIBCO EBX File Inclusion Vulnerability
The component listed above contains a vulnerability that allows an attacker to traverse directories and access sensitive files, leading to unauthorized disclosure of system configuration and potentially sensitive information...