1594 matches found

CVE
added 2024/01/18 3:11 p.m. | 64 views

CVE-2023-40051

CVE-2023-40051 affects Progress Application Server (PAS) for OpenEdge. A WEB transport request can allow unintended file uploads to a server directory path on the PASOE host, potentially enabling a later attack if the uploaded payload is exploitable. Affected versions are 11.7 before 11.7.18, 12....

CVSS 9.9 | AI score 9.3 | EPSS 0.00024
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2024/01/12 9:15 p.m. | 0 views

UBUNTU-CVE-2023-51698

Atril is a simple multi-page document viewer. Atril is vulnerable to a critical Command Injection Vulnerability. This vulnerability gives the attacker immediate access to the target system when the target user opens a crafted document or clicks on a crafted link/URL using a maliciously crafted CB...

CVSS 9.6 | AI score 7.2 | EPSS 0.02007
Exploits: 2 | References: 5
CNNVD
added 2024/01/11 12:0 a.m. | 3 views

PHPJabbers Cleaning Business Software Cross-Site Scripting Vulnerability

PHPJabbers Cleaning Business Software is a cleaning reservation software from PHPJabbers Serbia. PHPJabbers Cleaning Business Software suffers from a cross-site scripting vulnerability. An attacker can exploit this vulnerability to perform cross-site scripting attacks...

CVSS 5.4 | AI score 6.2 | EPSS 0.00287
Exploits: 2 | References: 4
Vulnrichment
added 2024/01/10 4:3 p.m. | 11 views

CVE-2023-45139 fonttools XML External Entity Injection (XXE) Vulnerability

fontTools is a library for manipulating fonts, written in Python. The subsetting module has an XML External Entity Injection (XXE) vulnerability which allows an attacker to resolve arbitrary entities when a candidate font (OT-SVG fonts), which contains an SVG table, is parsed. This allows attackers to...

CVSS 7.5 | AI score 7.7 | EPSS 0.00353
Exploits: 1 | References: 6
CNNVD
added 2024/01/10 12:0 a.m. | 1 view

Red Hat FreeIPA Security Vulnerability

Red Hat FreeIPA is a comprehensive security information management solution. A security vulnerability exists in Red Hat FreeIPA. An attacker could exploit the vulnerability by tricking a user into submitting a request that could be executed as the user, resulting in a loss of confidentiality and...

CVSS 6.5 | AI score 8.6 | EPSS 0.00304
Exploits: 0 | References: 20
CNNVD
added 2024/01/05 12:0 a.m. | 2 views

ZTE ZXCLOUD iRAI Code Issue Vulnerability

The ZTE ZXCLOUD iRAI is a virtualization device from ZTE Corporation (ZTE) of China. A security vulnerability exists in ZTE ZXCLOUD iRAI. An attacker can exploit this vulnerability to place a fake DLL file in a specific directory and successfully execute malicious code...

CVSS 4.8 | AI score 6.9 | EPSS 0.00041
Exploits: 0 | References: 2
OSV
added 2024/01/03 9:26 p.m. | 21 views

GHSA-F8MP-X433-5WPF Arbitrary remote code execution within `wrangler dev` Workers sandbox

Impact: The V8 inspector intentionally allows arbitrary code execution within the Workers sandbox for debugging. `wrangler dev` would previously start an inspector server listening on all network interfaces. This would allow an attacker on the local network to connect to the inspector and run...

CVSS 9.3 | AI score 8.3 | EPSS 0.00043
Exploits: 0 | References: 11
BDU FSTEC
added 2024/01/02 12:0 a.m. | 1 view

The vulnerability of Mozilla browsers, related to writing beyond the buffer limit, allows attackers to execute arbitrary code.

The vulnerability of the Mozilla browser is related to writing beyond the buffer boundaries. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 10 | AI score 8.2 | EPSS 0.00384
Exploits: 0 | References: 8 | Affected Software: 4
Vulnrichment
added 2024/01/01 12:0 a.m. | 6 views

CVE-2023-50094

reNgine before 2.1.2 allows OS Command Injection if an adversary has a valid session ID. The attack places shell metacharacters in an api/tools/waf_detector/?url= string. The commands are executed as root via subprocess.check_output...

AI score 9 | EPSS 0.88564
Exploits: 2 | References: 8
OSV
added 2023/12/22 5:15 a.m. | 2 views

CVE-2023-7058

A vulnerability was found in SourceCodester Simple Student Attendance System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to path traversal: '../filedir'. The attack can be launched remotely. The...

CVSS 9.8 | AI score 5.5 | EPSS 0.00222
Exploits: 0 | References: 3
0day.today
added 2023/12/22 12:0 a.m. | 424 views

Hospital Management System 4.0 XSS / Shell Upload / SQL Injection Vulnerabilities

Hospital Management System versions 4.0 and below suffer from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities. Description: Multiple vulnerabilities were discovered in Hospital Management System Affected CMS: Hospital Management System Affected Version: unread...

CVSS 9.8 | AI score 8.1 | EPSS 0.00973
Exploits: 6
Positive Technologies
added 2023/12/22 12:0 a.m. | 3 views

PT-2023-9274 · Superagi · Superagi

Name of the Vulnerable Software and Affected Versions: SuperAGI versions all Description: The issue is related to the incorrect management of code generation in the eval function of the SuperAGI framework, which can be exploited by a remote attacker to execute arbitrary code and gain full control...

CVSS 10 | AI score 8.1 | EPSS 0.00224
Exploits: 0 | References: 9
The Hacker News
added 2023/12/21 10:53 a.m. | 33 views

Cost of a Data Breach Report 2023: Insights, Mitigators and Best Practices

John Hanley of IBM Security shares 4 key findings from the highly acclaimed annual Cost of a Data Breach Report 2023. What is the IBM Cost of a Data Breach Report? The IBM Cost of a Data Breach Report is an annual report that provides organizations with quantifiable information about the financial...

AI score 6.7
Exploits: 0
CNVD
added 2023/12/15 12:0 a.m. | 22 views

Adobe Experience Manager cross-site scripting vulnerability (CNVD-2024-0118434)

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 | AI score 7.2 | EPSS 0.00437
Exploits: 0 | References: 1
Positive Technologies
added 2023/12/14 12:0 a.m. | 3 views

PT-2023-31316 · [Vendor] · [Product]

Name of the Vulnerable Software and Affected Versions: PRODUCT version VERSION Description: A problem in COMPONENT of VENDOR PRODUCT on PLATFORMS allows ATTACKER to IMPACT via VECTOR. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...

CVSS 7.1 | AI score 6.6 | EPSS 0.00191
Exploits: 0 | References: 6
BDU FSTEC
added 2023/12/14 12:0 a.m. | 3 views

The vulnerability of the microprogrammed software of the FXC AE1021 and FXC AE1021PE routers lies in the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary commands.

The vulnerability of the microprogrammed routing devices FXC AE1021 and FXC AE1021PE lies in the lack of measures to neutralize the special elements used in the operating system commands. Exploiting this vulnerability allows a remote attacker to execute arbitrary commands...

CVSS 8 | AI score 8.1 | EPSS 0.24413
Exploits: 1 | References: 6 | Affected Software: 2
CNNVD
added 2023/12/13 12:0 a.m. | 3 views

Adobe Experience Manager Cross-Site Scripting Vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

CVSS 5.4 | AI score 6.5 | EPSS 0.00253
Exploits: 0 | References: 3
CNNVD
added 2023/12/13 12:0 a.m. | 1 view

Fortinet FortiSandbox Cross-Site Scripting Vulnerability

Fortinet FortiSandbox is an APT (Advanced Persistent Threat) protection appliance from Fortinet. The appliance offers dual sandboxing technology, dynamic threat intelligence system, real-time control panel and reporting. A cross-site scripting vulnerability exists in Fortinet FortiSandbox that stem...

CVSS 5.4 | AI score 6.3 | EPSS 0.00438
Exploits: 0 | References: 3
RedHat Linux
added 2023/12/07 1:53 p.m. | 0 views

curl: cookie injection with none file

A flaw was found in the Curl package. This flaw allows an attacker to insert cookies into a running program using libcurl if the specific series of conditions are met...

CVSS 3.7 | AI score 6.7 | EPSS 0.00441
Exploits: 0 | References: 6
UbuntuCve
added 2023/12/05 12:15 p.m. | 22 views

CVE-2023-43628

An integer underflow vulnerability exists in the NTRIP Stream Parsing functionality of GPSd 3.25.1dev. A specially crafted network packet can lead to memory corruption. An attacker can send a malicious packet to trigger this vulnerability...

CVSS 7.5 | AI score 7.1 | EPSS 0.00202
Exploits: 1 | References: 2