72 matches found
CVE-2023-44384 Discourse-Jira could make SSRF attack by setting Jira URL to an arbitrary location
Discourse-jira is a Discourse plugin allows Jira projects, issue types, fields and field options will be synced automatically. An administrator user can make an SSRF attack by setting the Jira URL to an arbitrary location and enabling the discoursejiraverboselog site setting. A moderator user cou...
Improper access control
A vulnerability was found in Ruijie RG-EW1200G 1.01B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/setpasswd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can ...
CVE-2023-2904
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account credentials available through a request generated by an internal user and then...
Race condition
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account credentials available through a request generated by an internal user and then...
CVE-2023-2904 CVE-2023-2904
The External Visitor Manager portal of HID’s SAFE versions 5.8.0 through 5.11.3 are vulnerable to manipulation within web fields in the application programmable interface API. An attacker could log in using account credentials available through a request generated by an internal user and then...
CVE-2023-2886
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2886 Cross-Site WebSocket Hijacking in CBOT's Chatbot
Missing Origin Validation in WebSockets vulnerability in CBOT Chatbot allows Content Spoofing Via Application API Manipulation. This issue affects Chatbot: before Core: v4.0.3.4 Panel: v4.0.3.7...
CVE-2023-2886
The CVE-2023-2886 entry concerns CBOT Chatbot core software and its WebSockets origin validation. Affected: CBOT Chatbot Core prior to v4.0.3.4 and Panel prior to v4.0.3.7. Root cause: Missing Origin Validation in WebSockets, enabling content spoofing via the application API manipulation. Impact:...
PT-2023-22012 · Unknown · Cbot Chatbot
Name of the Vulnerable Software and Affected Versions: CBOT Chatbot versions prior to Core: v4.0.3.4 CBOT Chatbot versions prior to Panel: v4.0.3.7 Description: The issue is related to Missing Origin Validation in WebSockets, allowing Content Spoofing Via Application API Manipulation...
Screen SFT DAB 600/C - Authentication Bypass Account Creation
!/usr/bin/env python3 Exploit Title: Screen SFT DAB 600/C - Authentication Bypass Account Creation Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
CVE-2023-0575
External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...
CVE-2023-0575
External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...
Code injection
External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...
CVE-2023-0575
CVE-2023-0575 affects YugabyteDB prior to 2.2.0.0. Public sources describe an External Control of Critical State Data and Code Injection flaw involving DevopsBase.Java:execCommand, TableManager.Java:runCommand, and the program file backup.Py. The issue is exploitable over the network and could al...
CVE-2023-0575 Remote Code Execution
External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...
CVE-2023-0575 Remote Code Execution
External Control of Critical State Data, Improper Control of Generation of Code 'Code Injection' vulnerability in YugaByte, Inc. Yugabyte DB on Windows, Linux, MacOS, iOS DevopsBase.Java:execCommand, TableManager.Java:runCommand modules allows API Manipulation, Privilege Abuse. This vulnerability...
CVE-2022-43438 HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...
CVE-2022-43438 HWA JIUH DIGITAL TECHNOLOGY LTD. EasyTest - Incorrect Authorization
The Administrator function of EasyTest has an Incorrect Authorization vulnerability. A remote attacker authenticated as a general user can exploit this vulnerability to bypass the intended access restrictions, to make API functions calls, manipulate system and terminate service...
CVE-2022-37160
Claroline 13.5.7 and prior allows an authenticated attacker to elevate privileges via the arbitrary creation of a privileged user. By combining the XSS vulnerability present in several upload forms and a javascript request to the present API, it is possible to trigger the creation of a user with...
IBM Robotic Process Automation权限提升漏洞
IBM Robotic Process Automation is a robotic process automation product from IBM, Inc. It helps you automate more business and IT processes at scale with the ease and speed of traditional RPA. IBM Robotic Process Automation has an elevation of privilege vulnerability that stems from improper...