57 matches found
PT-2024-10212 · Ixsystems · Truenas Core
Name of the Vulnerable Software and Affected Versions: iXsystems TrueNAS CORE versions prior to 13.0-U6.3 Description: The issue is related to the tarfile.extractall method, which lacks proper validation of a user-supplied path prior to using it in file operations. This allows network-adjacent...
Adobe InDesign 13.0 < 13.1.0 Multiple Vulnerabilities (APSB18-11) (macOS)
The version of Adobe InDesign installed on the remote macOS host is prior to 13.1.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB18-11 advisory. - Adobe InDesign versions 13.0 and below have an exploitable Memory corruption vulnerability. Successful exploitatio...
GitLab GraphQL API User Enumeration
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'GitLab GraphQL API User Enumeration', 'Description' = %q This module queries the GitLab GraphQL API without authentication to acquire the list of...
SeaCMS Code Execution Vulnerability (CNVD-2024-37605)
SeaCMS is a free, open source web content management system written in PHP by SeaCMS. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS version 13.0, which stems from the fact that the editing restrictions on files in...
SeaCMS Security Vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS version 13.0, which stems from improper restrictions on editing files, and can be...
PT-2024-30053 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.0 Description: The issue is related to a remote code execution vulnerability. Although the admin files.php file imposes restrictions on edited files, attackers can bypass these restrictions and write code. This allows...
SeaCMS Security Vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS. The system has been designed primarily to manage video-on-demand resources. A code execution vulnerability exists in SeaCMS version 13.0, which stems from the fact that the editing restrictions on files in...
PT-2024-38123 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.0 Description: A problematic issue was found in the Password Change Handler component, specifically in the /member.php?action=chgpwdsubmit file. The manipulation of the newpwd and newpwd2 arguments leads to cross-site reques...
NetScaler ADC and NetScaler Gateway Multiple Vulnerabilities (CTX584986l)
The remote NetScaler ADC (formerly Citrix ADC) or NetScaler Gateway (formerly Citrix Gateway) device is version 12.1, 12.1-FIPS before 12.1-55.302-FIPS, 13.0 before 13.0-92.21, 13.1 before 13.1-51.15, 13.1-FIPS before 13.1-37.176-FIPS, or 14.1 before 14.1-12.35. It is, therefore, affected by multiple...
Cybrosys Techno Solutions Website Blog Search Security Breach
Cybrosys Techno Solutions Website Blog Search is a blog that provides a search option. A security vulnerability exists in Cybrosys Techno Solutions Website Blog Search versions 13.0 through 13.0.1.0.1, which stems from an SQL injection vulnerability that could allow a remote attacker to execute...
ManageEngine ServiceDesk Plus MSP < 10.6 Build 10611 / 13.0 Build 13004
The version of ManageEngine ServiceDesk Plus MSP installed on the remote host is prior to 10.6 Build 10611, 13.0 Build 13004. It is, therefore, affected by a vulnerability as referenced in the service-desk-mspcve-2023-22964 advisory. - Zoho ManageEngine ServiceDesk Plus MSP before 10611, and 13x...
CVE-2022-46819 WordPress Continuous announcement scroller Plugin <= 13.0 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Continuous announcement scroller plugin <= 13.0 versions...
WordPress plugin Continuous announcement scroller Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...
Upgraded Citrix ADC from 12.1 to 13.0. MFA now giving extra field.
We just upgraded our secondary Netscaler to version 13.0-89.7 firmware. The issue we are having is an extra field appeared on the Imprivata ID 2-Factor page that was not there before. We hadn't upgraded the Primary yet, since this was an issue. Not having this issue on 12.1. Do we need to set up...
Google Android elevation of privilege vulnerability (CNVD-2023-12020)
Google Android is a Linux-based open source operating system from Google. An elevation of privilege vulnerability exists in the enforceVisualVoicemailPackage of PhoneInterfaceManager.java in Google Android version 13.0, which stems from a privilege bypass issue. An attacker can exploit the...
ADC :13.0 :HTML respond policy
ADC :13.0 :HTML respond policy...
ManageEngine ServiceDesk Plus < 13.0 Build 13011 RCE
A remote code execution vulnerability exists in ManageEngine ServiceDesk Plus prior to 13.0 Build 13011 due to a flaw in the Analytics Plus integration input field validation. Vulnerability requires an administrator role access. Note that Nessus has not tested for this issue but has instead relie...
After upgrade to 13.0-85.x or above, unable to access Citrix VPN.
Users getting "No Intranet IP available" post authentication to Citrix VPN. This is only seen in ADC version 13.0-85.x and above...
Citrix Application Delivery Management Resource Management Error Vulnerability
Citrix Application Delivery Management (ADM) is an application delivery management system from Citrix. The system provides features such as centralized network and application management. A resource management error vulnerability exists in Citrix Application Delivery Management, which is caused by ...
CVE-2021-4191
Removed by vendor...