atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE
Exploit Title: atrocore 1.5.25 User interaction - Unauthenticated File upload - RCE Author: nu11secur1ty Date: 02.16.2023 Vendor: https://atropim.com/ Software: https://github.com/atrocore/atrocore/releases/tag/1.5.25 Reference: https://portswigger.net/web-security/file-upload Description: The...
Sony: SQL Injection at https://████ via ███ parameter
Vulnerability description not provided...
Cisco Secure Network Analytics Remote Code Execution Vulnerability
A vulnerability in the web-based management interface of Cisco Secure Network Analytics could allow an authenticated, remote attacker to execute arbitrary code on the underlying operating system. This vulnerability is due to insufficient sanitization of user-provided data that is parsed into syst...
WCFM Membership < 2.10.1 - Unauthenticated Privilege Escalation
The plugin does not have authorisation in the wcfm_ajax_controller AJAX action, allowing unauthenticated attackers to change membership registration form and set the default role to administrator...
CVE-2023-20068
CVE-2023-20068 concerns Cisco Prime Infrastructure Software. The vulnerability is a reflected XSS in the web-based management interface caused by insufficient validation of user-supplied input. An unauthenticated, remote attacker could lure a user to click a crafted link, potentially executing ar...
CVE-2023-20145
Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 routers expose web‑based management interface XSS vulnerabilities due to insufficient input validation. An unauthenticated, remote attacker could lure a user to a crafted page and execute arbitrary script in the interface context ...
AlmaLinux 8 : gnutls (ALSA-2023:1569)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2023:1569 advisory. - A timing side-channel in the handling of RSA ClientKeyExchange messages was discovered in GnuTLS. This side-channel can be sufficient to recover the key encrypte...
CVE-2023-1710
A sensitive information disclosure vulnerability in GitLab affecting all versions from 15.0 prior to 15.8.5, 15.9 prior to 15.9.4 and 15.10 prior to 15.10.1 allows an attacker to view the count of internal notes for a given issue...
CVE-2023-0325
Uvdesk version 1.1.1 allows an unauthenticated remote attacker to exploit a stored XSS in the application. This is possible because the application does not correctly validate the message sent by the clients in the ticket...
Design/Logic Flaw
The hashing algorithm of ChurchCRM v4.5.3 utilizes a non-random salt value which allows attackers to use precomputed hash tables or dictionary attacks to crack the hashed passwords...
New VPN Malvertising Attack Drops OpcJacker Crypto Stealer
By Deeba Ahmed. Researchers warned that the campaign works through a network of fake websites that promote seemingly harmless crypto apps and other software. This is a post from HackRead.com. Read the original post: New VPN Malvertising Attack Drops OpcJacker Crypto Stealer...
SmoothOperator Campaign Trojanizes 3CXDesktopApp
Summary: The 3CX desktop app was trojanized via a multi-stage supply chain attack in the SmoothOperator campaign.
FlipRotation v1.0 decoder - Shellcode (146 bytes)
Exploit Title: FlipRotation v1.0 decoder - Shellcode (146 bytes) Exploit Author: Eduardo Silva Date: 2022-12-31 Tested on: Linux x86_64 SMP Debian 4.19.260-1 SLAE/Student ID: PA-31319 Webpage: https://0xnibbles.github.io/ Twitter: @0xnibbles Course: This shellcode was created for the x86 Assembly...
Jenkins OctoPerf Load Testing Plugin missing permission check allows for ID enumeration
OctoPerf Load Testing Plugin Plugin 4.5.2 and earlier does not perform a permission check in an HTTP endpoint. This allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. Those can be used as part of an attack to capture the credentials using...
Jenkins Crap4J Plugin vulnerable to XML external entity (XXE) attacks
Jenkins Crap4J Plugin 0.9 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks. This allows attackers able to control Crap Report file contents to have Jenkins parse a crafted XML document that uses external entities for extraction of secrets from the Jenkins...
CVE-2023-28682
Jenkins Performance Publisher Plugin 8.09 and earlier does not configure its XML parser to prevent XML external entity (XXE) attacks...
Stud42 vulnerable to denial of service
A security vulnerability has been identified in the GraphQL parser used by the API of s42.app. An attacker can overload the parser and cause the API pod to crash. With a bit of threading, the attacker can bring down the entire API, resulting in an unhealthy stream. This vulnerability can be...
GHSA-3HWM-922R-47HW Stud42 vulnerable to denial of service
A security vulnerability has been identified in the GraphQL parser used by the API of s42.app. An attacker can overload the parser and cause the API pod to crash. With a bit of threading, the attacker can bring down the entire API, resulting in an unhealthy stream. This vulnerability can be...
Double Free
tensorflow is vulnerable to a Double Free attack. The vulnerability occurs when the first and the fourth elements of the pooling_ratio function has parameters not equal to 1.0 in nn_ops.fractional_avg_pool_v2 and nn_ops.fractional_max_pool_v2 because pooling on batch and channel dimensions is not...
Corel CorelDRAW Graphics Suite buffer overflow vulnerability (CNVD-2023-29421)
Corel CorelDRAW Graphics Suite is a vector graphics editing software from Corel Digital Technology Canada. Corel CorelDRAW Graphics Suite version 23.5.0.506 contains a buffer overflow vulnerability, which stems from a lack of proper validation of user-supplied data when parsing GIF files and can ...