2475 matches found
CVE-2023-50706
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens...
CVE-2023-50706
A user without administrator permissions with access to the UC500 windows system could perform a memory dump of the running processes and extract clear credentials or valid session tokens...
Remote code execution
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...
CVE-2023-50722 XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...
CVE-2023-45083 HyperCloud: "admin" and "serveradmin" users can be deleted
An Improper Privilege Management vulnerability exists in HyperCloud that will impact the ability for a user to authenticate against the management plane. An authenticated admin-level user may be able to delete the "admin" or "serveradmin" users, which prevents authentication from subsequently...
SoftIron HyperCloud Security Vulnerability
SoftIron HyperCloud is an intelligent cloud architecture from SoftIron. A security vulnerability exists in SoftIron HyperCloud versions 1.0 through prior to 2.1 that stems from the presence of a mismanagement of privileges vulnerability. An attacker at the administrator level can exploit this...
CVE-2023-5108
The Easy Newsletter Signups WordPress plugin through 1.0.4 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin...
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure
R Radio Network FM Transmitter 1.07 system.cgi Password Disclosure Vendor: R Radio Network Product web page: http://www.pktc.ac.th Affected version: 1.07 Summary: R Radio FM Transmitter that includes FM Exciter and FM Amplifier parameter setup. Desc: The transmitter suffers from an improper acces...
PT-2023-30270 · Unknown · Packers/Movers Management System
Name of the Vulnerable Software and Affected Versions: Packers and Movers Management System version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via a crafted payload to the "/mpms/admin/?page=user/manage user&id" API endpoint. This is achieved by exploiting a SQL...
Privilege escalation
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...
CVE-2023-48712 User authorization bug leading to privilege escalation in warpgate
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows a...
PT-2023-30917 · Warpgate · Warpgate
Name of the Vulnerable Software and Affected Versions: Warpgate versions prior to 0.9.0 Description: Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions, there is a privilege escalation issue through a non-admin user's account. Limited users can impersonat...
Design/Logic Flaw
LibreNMS is an auto-discovering PHP/MySQL/SNMP based network monitoring which includes support for a wide range of network hardware and operating systems. In affected versions of LibreNMS when a user accesses their device dashboard, one request is sent to graph.php to access graphs generated on t...
Cross site request forgery (csrf)
A Cross Site Request Forgery vulnerability in ePolicy Orchestrator prior to 5.10.0 CP1 Update 2 allows a remote low privilege user to successfully add a new user with administrator privileges to the ePO server. This impacts the dashboard area of the user interface. To exploit this the attacker mu...
F5 BIG-IP TMUI AJP Smuggling Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
F5 BIG-IP TMUI AJP Smuggling Remote Code Execution Exploit
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'rex/proto/apachejp' class MetasploitModule 'F5 BIG-IP TMUI AJP Smuggling RCE', 'Description' = %q This module exploits a flaw in F5's BIG-IP Traffic Management...
Cisco IOX XE unauthenticated OS command execution
This module leverages both CVE-2023-20198 and CVE-2023-20273 against vulnerable instances of Cisco IOS XE devices which have the Web UI exposed. An attacker can execute arbitrary OS commands with root privileges. This module leverages CVE-2023-20198 to create a new admin user, then authenticating...
Foreman: Arbitrary code execution through templates
An arbitrary code execution flaw was found in Foreman. This flaw allows an admin user to bypass safe mode in templates and execute arbitrary code on the underlying operating system...
CVE-2023-4956
A flaw was found in Quay. Clickjacking is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they intend to click on the top-level page. During the pentest, it has been detected that the config-editor page is vulnerab...
CVE-2023-33480
RemoteClinic 2.0 contains a critical vulnerability chain that can be exploited by a remote attacker with low-privileged user credentials to create admin users, escalate privileges, and execute arbitrary code on the target system via a PHP shell. The vulnerabilities are caused by a lack of input...