The vulnerability of the application layer in real-time content management system SQL Directus, related to the use of incorrect alias names, allows attackers to bypass the password protection for arbitrary users.

The vulnerability of the application layer in real-time database content management system SQL Directus is related to the use of names with incorrect references. Exploiting this vulnerability could allow an attacker to reset the password of an arbitrary user remotely...

BIT-EJBCA-2021-40087

An issue was discovered in PrimeKey EJBCA before 7.6.0. When audit logging changes to the alias configurations of various protocols that use an enrollment secret, any modifications to the secret were logged in cleartext in the audit log that can only be viewed by an administrator. This affects us...

Ubuntu 'command-not-found' Tool Could Trick Users into Installing Rogue Packages

Cybersecurity researchers have found that it's possible for threat actors to exploit a well-known utility called command-not-found to recommend their own rogue packages and compromise systems running Ubuntu operating system. "While 'command-not-found' serves as a convenient tool for suggesting...

Navgix - A Multi-Threaded Golang Tool That Will Check For Nginx Alias Traversal Vulnerabilities

navgix is a multi-threaded golang tool that will check for nginx alias traversal vulnerabilities Techniques Currently, navgix supports 2 techniques for finding vulnerable directories or location aliases. Those being the following: Heuristics navgix will make an initial GET request to the page, an...

RHEL 8 : open-vm-tools (RHSA-2023:7264)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7264 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...

SUSE CVE-2023-35969

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chaintable parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This...

SUSE CVE-2023-35970

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chaintable parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This...

DEBIAN-CVE-2023-35970

Multiple heap-based buffer overflow vulnerabilities exist in the fstReaderIterBlocks2 chaintable parsing functionality of GTKWave 3.3.115. A specially crafted .fst file can lead to arbitrary code execution. A victim would need to open a malicious file to trigger these vulnerabilities.This...

K000138114: open-vm-tools vulnerability CVE-2023-34058

Security Advisory Description VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges https : //docs . vmware . com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtu...

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

CVE-2023-6710

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

Cross site scripting

A flaw was found in the modproxycluster in the Apache server. This issue may allow a malicious user to add a script in the 'alias' parameter in the URL to trigger the stored cross-site scripting XSS vulnerability. By adding a script on the alias parameter on the URL, it adds a new virtual host an...

Apache httpd Cross-Site Scripting Vulnerability

Apache httpd is an open source HTTP server from the Apache Foundation developed and maintained for modern operating systems. Apache httpd suffers from a cross-site scripting vulnerability that stems from a flaw found in modproxycluster that allows a malicious user to add scripts to the alias...

PT-2023-32745 · Apache +2 · Apache Server +2

Name of the Vulnerable Software and Affected Versions: Apache server affected versions not specified Description: A flaw was found in the mod proxy cluster in the Apache server, which may allow a malicious user to add a script in the alias parameter in the URL to trigger a stored cross-site...

Rocky Linux 8 : open-vm-tools (RLSA-2023:7265)

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:7265 advisory. - VMware Tools contains a SAML token signature bypass vulnerability. A malicious actor that has been granted Guest Operation Privileges...

OESA-2023-1833 open-vm-tools security update

The project is an open source implementation of VMware Tools. It is a suite of open source virtualization utilities and drivers to improve the functionality, user experience and administration of VMware virtual machines. This package contains only the core user-space programs and libraries of...

open-vm-tools: SAML token signature bypass

A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...

open-vm-tools: SAML token signature bypass

A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...

open-vm-tools: SAML token signature bypass

A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...

open-vm-tools: SAML token signature bypass

A flaw was found in open-vm-tools. This flaw allows a malicious actor that has been granted Guest Operation Privileges in a target virtual machine to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias...