10 matches found
PT-2024-24560 · Activecampaign · Activecampaign
Name of the Vulnerable Software and Affected Versions: ActiveCampaign versions n/a through 8.1.14. Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker could potentially force the server to make requests to arbitrary domains, which could lead to...
WordPress ActiveCampaign plugin <= 8.1.14 - Server Side Request Forgery (SSRF) vulnerability
Server Side Request Forgery (SSRF) vulnerability discovered by Yuchen Ji (Patchstack Alliance) in WordPress Plugin ActiveCampaign versions <= 8.1.14...
PT-2023-30637 · Unknown · Expresstech Quiz/Survey Master
Name of the Vulnerable Software and Affected Versions: ExpressTech Quiz And Survey Master plugin versions prior to 8.1.14. Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. Recommendations: For ExpressTech Quiz...
Splunk Enterprise Account Takeover
https://github.com/redwaysecurity/CVEs/blob/main/CVE-2023-32707/README.md #!/usr/bin/env python3 Splunk admin account take over exploit - CVE-2023-32707 Author: Redway Security Discovery: Santiago Lopez Vendor Description: A low-privilege user who holds a role that has the edit_user capability...
PT-2023-3015 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5; Splunk Enterprise versions prior to 8.2.11; Splunk Enterprise versions prior to 8.1.14; Splunk Cloud Platform versions prior to 9.0.2303.100. Description: A low-privileged user with the edit user...
PT-2023-23975 · Splunk · Splunk Enterprise
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.0.5; Splunk Enterprise versions prior to 8.2.11; Splunk Enterprise versions prior to 8.1.14. Description: An unauthenticated attacker can send specially-crafted messages to the XML parser within SAML...
PHP 8.1.x < 8.1.14
The version of PHP installed on the remote host is prior to 8.1.14. It is, therefore, affected by a vulnerability as referenced in the Version 8.1.14 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2022-22487
An IBM Spectrum Protect storage agent could allow a remote attacker to perform a brute force attack by allowing unlimited attempts to login to the storage agent without locking the administrative ID. A remote attacker could exploit this vulnerability using brute force techniques to gain...
CVE-2020-2010
An OS command injection vulnerability in PAN-OS management interface allows an authenticated administrator to execute arbitrary OS commands with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14; PAN-OS 9.0 versions earlier than 9.0.7...
Stack overflow
A stack-based buffer overflow vulnerability in the management server component of PAN-OS that allows an authenticated user to potentially execute arbitrary code with root privileges. This issue affects: All versions of PAN-OS 7.1 and 8.0; PAN-OS 8.1 versions earlier than 8.1.14...