CVE-2023-21907
Vulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications component: OBVAM Trn Journal Domain. Supported versions that are affected are 14.5, 14.6 and 14.7. Difficult to exploit vulnerability allows high privileged attacker with network acces...
CVE-2023-21992
CVE-2023-21992 affects Oracle PeopleSoft Enterprise HCM Human Resources, component Administer Workforce, in version 9.2. The vulnerability arises from insufficient input validation, enabling a low-privileged, network-accessible attacker (via HTTP) to perform unauthorized update/insert/delete and ...
Iranian Hackers Using SimpleHelp Remote Support Software for Persistent Access
The Iranian threat actor known as MuddyWater is continuing its time-tested tradition of relying on legitimate remote administration tools to commandeer targeted systems. While the nation-state group has previously employed ScreenConnect, RemoteUtilities, and Syncro, a new analysis from Group-IB h...
Campcodes Advanced Online Voting System Cross-Site Scripting Vulnerability
Campcodes Advanced Online Voting System is an online voting system. A cross-site scripting vulnerability exists in Campcodes Advanced Online Voting System v1.0. The vulnerability stems from the lack of effective filtering and escaping of user-supplied data in the parameter title of the file...
CVE-2023-30769
The vulnerability discovered is related to peer-to-peer (p2p) communications: attackers can craft consensus messages, send them to individual nodes and take them offline. An attacker can crawl the network peers using the getaddr message and attack the unpatched nodes...
Design/Logic Flaw
The vulnerability discovered is related to peer-to-peer (p2p) communications: attackers can craft consensus messages, send them to individual nodes and take them offline. An attacker can crawl the network peers using the getaddr message and attack the unpatched nodes...
CVE-2015-10103 InternalError503 Forget It settings.js infinite loop
A vulnerability, which was classified as problematic, was found in InternalError503 Forget It up to 1.3. This affects an unknown part of the file js/settings.js. The manipulation of the argument setForgetTime with the input 0 leads to infinite loop. It is possible to launch the attack on the loca...
CVE-2023-30769
CVE-2023-30769 describes a vulnerability in peer-to-peer (p2p) communications where an attacker can craft consensus messages and target individual nodes, potentially taking them offline. Multiple connected sources reiterate that an attacker can crawl network peers via getaddr messages to attack u...
ALSA-2023:1802 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. This update upgrades Thunderbird to version 102.10.0. Security Fixes: Thunderbird: Revocation status of S/MIME recipient certificates was not checked (CVE-2023-0547); Mozilla: Matrix SDK bundled with Thunderbird vulnerable to...
Sales Tracker Management System SQL Injection Vulnerability (CNVD-2023-29365)
Sales Tracker Management System is a sales tracking management system. Sales Tracker Management System v1.0 is vulnerable to SQL injection. The vulnerability stems from missing validation of externally supplied input used in SQL statements, via the id parameter of /admin/products/manageproduct.php. An...
Microsoft Visual Studio Spoofing Vulnerability (CNVD-2023-29698)
Microsoft Visual Studio is a family of development tools from Microsoft Corporation (USA), a largely complete development toolset that includes most of the tools needed throughout the software lifecycle. Microsoft Visual Studio is vulnerable to a spoofing vulnerability that can be exploited by...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM BladeCenter S SAS RAID Module Firmware (CVE-2015-2808)
Summary: The RC4 "Bar Mitzvah Attack" for SSL/TLS affects IBM BladeCenter S SAS RAID Module Firmware. Vulnerability Details: CVE-ID: CVE-2015-2808. Description: The RC4...
Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure
Exploit Title: Sielco PolyEco Digital FM Transmitter 2.0.6 - Unauthenticated Information Disclosure Exploit Author: LiquidWorm Vendor: Sielco S.r.l Product web page: https://www.sielco.org Affected version: PolyEco1000 CPU:2.0.6 FPGA:10.19 PolyEco1000 CPU:1.9.4 FPGA:10.19 PolyEco1000 CPU:1.9.3...
Cesanta MJS Denial of Service Vulnerability (CNVD-2023-29378)
Cesanta MJS is a JavaScript engine designed for microcontrollers with limited resources. Cesanta MJS version 2.20.0 contains a denial of service vulnerability that can be exploited by attackers to launch a denial of service attack...
Ultimate Noindex Nofollow Tool II < 1.3.4 - Settings Update via CSRF
The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
Enable Accessibility <= 1.4 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
Shortlinks by Pretty Links < 3.4.1 - Link Visit Stats Clear via CSRF
The plugin does not have CSRF checks when clearing the Link Visits statistics, which could allow attackers to make logged-in admins perform such actions via a CSRF attack...
Microsoft SharePoint Server Spoofing Vulnerability (CNVD-2023-72199)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A spoofing...
Microsoft Windows DNS Remote Code Execution Vulnerability (CNVD-2023-44304)
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System (DNS) is one of the industry-standard protocols in the suite that makes up TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...
Microsoft Windows DNS Remote Code Execution Vulnerability
Microsoft Windows DNS is a domain name resolution service from Microsoft. The Domain Name System (DNS) is one of the industry-standard protocols in the suite that makes up TCP/IP, and DNS clients and DNS servers work together to provide name resolution services for computers and users that map...