CVE-2023-1388
A heap-based overflow vulnerability in TA prior to version 5.7.9 allows a remote user to alter the page heap in the macmnsvc process memory block, resulting in the service becoming unavailable...
IDOR can make attackers add or close others' unavailable
Both user1 and user2 are Providers. 1. user1 logs in and adds an unavailable. 2. The request can be like POST /index.php/backendapi/ajaxsaveunavailable HTTP/1.1...
CVE-2023-29024 Rockwell Automation ArmorStart ST Vulnerable to Cross-Site Scripting Attack
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product. A cross site scripting vulnerability was discovered that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a...
CVE-2023-29023
CVE-2023-29023 affects Rockwell Automation’s ArmorStart ST. The issue is a cross-site scripting vulnerability (improper input handling) that could allow a malicious user to view/modify sensitive data or render the web page unavailable, with exploitation requiring user interaction (e.g., phishing)...
CVE-2023-28762
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting int...
CVE-2023-28762
Affected product: SAP BusinessObjects Business Intelligence Platform (versions 420 and 430). Vulnerability summary: An authenticated attacker with administrator privileges can obtain the login token of any logged-in BI user over the network without user interaction, enabling impersonation of any ...
CVE-2023-28762 Information Disclosure in SAP BusinessObjects Intelligence Platform
SAP BusinessObjects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker with administrator privileges to get the login token of any logged-in BI user over the network without any user interaction. The attacker can impersonate any user on the platform resulting int...
CVE-2023-29185
SAP NetWeaver AS for ABAP Business Server Pages - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources...
Design/Logic Flaw
SAP NetWeaver AS for ABAP Business Server Pages - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources...
CVE-2023-29185 Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages)
SAP NetWeaver AS for ABAP Business Server Pages - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an attacker authenticated as a non-administrative user to craft a request with certain parameters in certain circumstances which can consume the server's resources...
PT-2023-22189 · Sap · Sap Netweaver
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver BI CONT ADDON versions 707, 737, 747, 757 Description: The issue allows an attacker to exploit a directory traversal flaw in a report to upload and overwrite files on the SAP server. Although data cannot be read, a remote attack...
CVE-2023-26437 Deterred spoofing attempts can lead to authoritative servers being marked unavailable
Denial of service vulnerability in PowerDNS Recursor allows authoritative servers to be marked unavailable. This issue affects Recursor: through 4.6.5, through 4.7.4, through 4.8.3...
Trellix Agent Buffer Error Vulnerability
Trellix Agent is a client component of FireEye USA Trellix, Inc. that provides secure communication between McAfee ePolicy Orchestrator (McAfee ePO) and hosted products. A security vulnerability exists in Trellix Agent for Windows and Linux, version 5.7.8 and earlier. An attacker can exploit the vulnerabilit...
Windows 11 10.0.22000 - Backup service Privilege Escalation Vulnerability
Title: Windows 11 10.0.22000 - Backup service Privilege Escalation Author: nu11secur1ty Vendor: https://www.microsoft.com/ Software: https://www.microsoft.com/en-us/software-download/windows11 Reference: https://github.com/nu11secur1ty/CVE-mitre/tree/main/2023/CVE-2023-21752 Description: Windows ...
GHSA-3HWM-922R-47HW Stud42 vulnerable to denial of service
A security vulnerability has been identified in the GraphQL parser used by the API of s42.app. An attacker can overload the parser and cause the API pod to crash. With a bit of threading, the attacker can bring down the entire API, resulting in an unhealthy stream. This vulnerability can be...
ChatGPT Bug Exposes Conversation History Titles
By Habiba Rashid. Are you wondering why your ChatGPT conversation history has been unavailable since yesterday? Well, here is why! This is a post from HackRead.com. Read the original post: ChatGPT Bug Exposes Conversation History Titles...
CVE-2023-28338
Any request sent to a Netgear Nighthawk Wifi6 Router RAX30's web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting ...
CVE-2023-27498
SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...
Information disclosure
SAP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, has multiple vulnerabilities in an unused class for error handling in which an attacker authenticated as a non-administrative user can craft a request with...
CVE-2023-27498 Memory Corruption vulnerability in SAP Host Agent (SAPOSCOL)
SAP Host Agent SAPOSCOL - version 7.22, allows an unauthenticated attacker with network access to a server port assigned to the SAP Start Service to submit a crafted request which results in a memory corruption error. This error can be used to reveal but not modify any technical information about...