Checkmk Security Vulnerabilities
Checkmk is an editor. Checkmk suffers from a security vulnerability that stems from incorrect neutralization of the livestatus command separator. An attacker can exploit this vulnerability to execute arbitrary livestatus commands...
LuxSoft LuxCal Web Calendar Security Vulnerability
LuxSoft LuxCal Web Calendar is a free user-friendly lightweight web-based event calendar from LuxSoft Switzerland. A security vulnerability exists in LuxSoft LuxCal Web Calendar versions prior to 5.2.4M and prior to 5.2.4L, which stems from the presence of a SQL injection vulnerability. An attack...
GaatiTrack Courier Management System 1.0 Cross Site Scripting
Exploit Title: GaatiTrack Courier Management System v1.0 - Multiple Cross-site scripting Date: 12/112023 Exploit Author: BugsBD Security Researcher Rahad Chowdhury Vendor Homepage: https://www.mayurik.com/ Software Link:...
CVE-2023-47204
Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attackers to execute arbitrary Python code...
CVE-2023-45280
Yamcs 5.8.6 allows XSS issue 2 of 2. It comes with a Bucket as its primary storage mechanism. Buckets allow for the upload of any file. There's a way to upload an HTML file containing arbitrary JavaScript and then navigate to it. Once the user opens the file, the browser will execute the arbitrar...
CVE-2023-45158
An OS command injection vulnerability exists in web2py 2.24.1 and earlier. When the product is configured to use notifySendHandler for logging (not the default configuration), a crafted web request may execute an arbitrary OS command on the web server using the product...
Command injection
An improper neutralization of special elements used in an OS command ('OS command injection') in Fortinet FortiIsolator version 1.0.0, FortiIsolator version 1.1.0, FortiIsolator version 1.2.0 through 1.2.2, FortiIsolator version 2.0.0 through 2.0.1, FortiIsolator version 2.1.0 through 2.1.2,...
CVE-2023-35796
A vulnerability has been identified in SINEMA Server V14 (all versions). The affected application improperly sanitizes certain SNMP configuration data retrieved from monitored devices. An attacker with access to a monitored device could perform a stored cross-site scripting (XSS) attack that may lead...
Code injection
An issue in ZenTao Community Edition v.18.6 and before, ZenTao Biz v.8.6 and before, ZenTao Max v.4.7 and before allows an attacker to execute arbitrary code via a crafted script to the Office Conversion Settings function...
Fortinet FortiIsolator Operating System Command Injection Vulnerability
Fortinet FortiIsolator is a Fortinet application that provides remote security isolation for browsers. The application adds additional advanced threat protection capabilities to the Fortinet Security Fabric and protects business-critical data from sophisticated threats on the Web. Content and fil...
SUSE-SU-2023:4018-1 Security update for go1.20
This update for go1.20 fixes the following issues: - Updated to version 1.20.9 bsc1206346: - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass bsc1215985...
SUSE-SU-2023:4017-1 Security update for go1.21
This update for go1.21 fixes the following issues: - Updated to version 1.21.2 bsc1212475: - CVE-2023-39323: Fixed an arbitrary execution issue during build time due to path directive bypass bsc1215985...
CVE-2023-43233
A stored cross-site scripting (XSS) vulnerability in the cms/content/edit component of YZNCMS v1.3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter...
Foreman Transpilation Enables OS Command Injection
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...
CVE-2022-3874
A command injection flaw was found in foreman. This flaw allows an authenticated user with admin privileges on the foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...
SUSE-SU-2023:3701-1 Security update for go1.21
This update for go1.21 fixes the following issues: Update to go1.21.1 bsc1212475. - CVE-2023-39318: Fixed improper handling of HTML-like comments within script contexts in html/template bsc1215084. - CVE-2023-39319: Fixed improper handling of special tags within script contexts in html/template...
Cross site scripting
A stored cross-site scripting (XSS) vulnerability in Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cloned module name parameter...
CVE-2023-40986
A stored cross-site scripting (XSS) vulnerability in the Usermin Configuration function of Webmin v2.100 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Custom field...
CVE-2023-41588
A cross-site scripting (XSS) vulnerability in the Time to SLA plugin v10.13.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the durationFormat parameter...
ASUS RT-AX55 Command Injection Vulnerability
The ASUS RT-AX55 is a dual-band Wi-Fi router from the Chinese company ASUS. A command injection vulnerability exists in ASUS RT-AX55 version v3.0.0.4.386.51598, which stems from the application failing to properly filter special characters and commands used to construct commands. An attacker can exploit...