
8231 matches found

CNNVD
added 2023/06/07 12:0 a.m. · 6 views

Marval MSM Encryption Issue Vulnerability

Marval MSM is an innovative IT service management software from Marval UK. A security vulnerability exists in Marval MSM that stems from the use of TripleDES and IV with encryption-at-rest keys to store secrets and certain credentials to a database. Affected products and versions: Marval MSM...

CVSS 5.5 · AI score 5.7 · EPSS 0.00108
Exploits: 1 · References: 2
CNNVD
added 2023/06/07 12:0 a.m. · 4 views

WordPress Plugin Elementor Website Builder Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on servers running PHP and MySQL. WordPress plugin is an...

CVSS 6.4 · AI score 5.4 · EPSS 0.0048
Exploits: 1 · References: 3
OSV
added 2023/06/06 6:15 p.m. · 3 views

CVE-2023-27126

The AES Key-IV pair used by the TP-Link TAPO C200 camera V3 EU on firmware version 1.1.22 Build 220725 is reused across all cameras. An attacker with physical access to a camera is able to extract and decrypt sensitive data containing the Wifi password and the TP-LINK account credential of the...

CVSS 4.6 · AI score 5.8 · EPSS 0.00419
Exploits: 1 · References: 3
IBM Security Bulletins
added 2023/06/06 6:38 a.m. · 12 views

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to denial of service due to org.glassfish.jersey.core_jersey-common

Summary: IBM Sterling Partner Engagement Manager has addressed vulnerability mentioned in CVE by updating to latest versions of libraries. Vulnerability Details: IBM X-Force ID: 230016. DESCRIPTION: Eclipse Jetty is vulnerable to a denial of service, caused by an error related to some of the...

AI score 7.1
Exploits: 0 · Affected Software: 1
SUSE CVE
added 2023/06/06 2:17 a.m. · 3 views

SUSE CVE-2022-24695

Bluetooth Classic in Bluetooth Core Specification through 5.3 does not properly conceal device information for Bluetooth transceivers in Non-Discoverable mode. By conducting an efficient over-the-air attack, an attacker can fully extract the permanent, unique Bluetooth MAC identifier, along with...

CVSS 4.3 · AI score 6.7 · EPSS 0.00406
Exploits: 0 · References: 3
Huntr
added 2023/06/03 10:45 p.m. · 12 views

HTML Injection / Possible XSS

Description: In pimcore I was able to identify an Unauthenticated HTML Injection / XSS Possible. Conditions: 2 factor authentication must not be set before. Vulnerable Endpoint: http://localhost/admin/login/2fa-setup Vulnerable Param: error= How it works: So basically any admin, who has not set up 2...

AI score 7.5
Exploits: 0 · References: 1
OSV
added 2023/06/02 5:15 p.m. · 2 views

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 8.8 · AI score 7.4 · EPSS 0.00521
Exploits: 0 · References: 2
ATTACKERKB
added 2023/06/02 5:15 p.m. · 3 views

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 8.8 · AI score 7.2 · EPSS 0.00521
Exploits: 0 · References: 3
NVD
added 2023/06/02 5:15 p.m. · 13 views

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 8.8 · AI score 8.4 · EPSS 0.00521
Exploits: 0 · References: 2
ATTACKERKB
added 2023/06/02 5:15 p.m. · 2 views

CVE-2023-25737

An invalid downcast from nsTextNode to SVGElement could have led to undefined behavior. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS 8.8 · AI score 5.9 · EPSS 0.00702
Exploits: 0 · References: 5
Prion
added 2023/06/02 5:15 p.m. · 19 views

Spoofing

The Content-Security-Policy-Report-Only header could allow an attacker to leak a child iframe's unredacted URI when interaction with that iframe triggers a redirect. This vulnerability affects Firefox 110, Thunderbird 102.8, and Firefox ESR 102.8...

CVSS 4.3 · AI score 6.3 · EPSS 0.00672
Exploits: 0 · References: 4 · Affected Software: 3
OSV
added 2023/06/02 7:15 a.m. · 2 views

CVE-2023-2835

The WP Directory Kit plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'search' parameter in versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web...

CVSS 6.1 · AI score 7.4 · EPSS 0.00728
Exploits: 1 · References: 3
CNNVD
added 2023/06/02 12:0 a.m. · 4 views

MicroWorld Technologies eScan Management Console Cross-Site Scripting Vulnerability

MicroWorld Technologies eScan Management Console is an electronic scanning management console from MicroWorld Technologies, Inc. A security vulnerability exists in MicroWorld Technologies eScan Management Console version 14.0.1400.2281, which stems from the presence of a Reflective Cross Site...

CVSS 6.1 · AI score 6.5 · EPSS 0.00808
Exploits: 2 · References: 3
Debian CVE
added 2023/06/02 12:0 a.m. · 22 views

CVE-2023-29543

An attacker could have caused memory corruption and a potentially exploitable use-after-free of a pointer in a global object's debugger vector. This vulnerability affects Firefox for Android 112, Firefox 112, and Focus for Android 112...

CVSS 8.8 · AI score 9.7 · EPSS 0.00521
Exploits: 0
ATTACKERKB
added 2023/05/30 10:15 p.m. · 4 views

CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546)...

CVSS 7.8 · AI score 6.6 · EPSS 0.01339
Exploits: 1 · References: 9
OSV
added 2023/05/30 10:15 p.m. · 1 views

DEBIAN-CVE-2023-34151

A vulnerability was found in ImageMagick. This security flaw occurs as undefined behavior of casting double to size_t in svg, mvg and other coders (recurring bugs of CVE-2022-32546)...

CVSS 5.5 · AI score 7.5 · EPSS 0.01018
Exploits: 1 · References: 1
Positive Technologies
added 2023/05/30 12:0 a.m. · 7 views

PT-2023-24199 · Nextcloud · Nextcloud Contacts

Name of the Vulnerable Software and Affected Versions: Nextcloud Contacts app versions prior to 4.2.4; Nextcloud Contacts app versions prior to 5.0.3. Description: The issue concerns the handling of unsanitized SVG files in the Contacts app for Nextcloud. These files are converted into JavaScript...

CVSS 4.3 · AI score 4.4 · EPSS 0.00848
Exploits: 0 · References: 5
BDU FSTEC
added 2023/05/29 12:0 a.m. · 4 views

The vulnerability of the monitoring and security management tool Trend Micro Apex Central lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the monitoring and security management tool Trend Micro Apex Central lies in the improper handling of the deletecertvec parameter at the end of the modTMMS process. Exploiting this vulnerability allows an attacker who operates remotely to execute arbitrary code...

CVSS 9 · AI score 7.7 · EPSS 0.01721
Exploits: 0 · References: 4
CNNVD
added 2023/05/29 12:0 a.m. · 4 views

Faculty Evaluation System SQL Injection Vulnerability

Faculty Evaluation System is a faculty evaluation system by Carlo Montero Personal Developer. SourceCodester Faculty Evaluation System version 1.0 suffers from a SQL injection vulnerability that stems from a problem with the file index.php?page=edituser, which can be exploited by an attacker to...

CVSS 9.8 · AI score 6 · EPSS 0.00711
Exploits: 1 · References: 5
CNNVD
added 2023/05/23 12:0 a.m. · 3 views

Connect IQ Security Vulnerability

Connect IQ CIQ is a technology platform and ecosystem from Garmin Switzerland designed to extend and customize the functionality of its smartwatches and health trackers. A security vulnerability exists in Connect IQ. An attacker exploited the vulnerability to cause a buffer overflow...

CVSS 9.8 · AI score 9 · EPSS 0.01274
Exploits: 1 · References: 2