27 matches found
EUVD-2022-36039
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-18814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aalabelparse fails in aaauditruleinit in security/apparmor/audit.c...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
PT-2023-13054 · Osticket · Osticket
Name of the Vulnerable Software and Affected Versions: osTicket osTicket-plugins versions prior to commit a7842d494889fd5533d13deb3c6a7789768795ae Description: The issue is a Cross Site Scripting XSS vulnerability in the audit/templates/auditlogs.tmpl.php file. This vulnerability can be exploited...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
Design/Logic Flaw
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
PT-2022-27641 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: Pwndoc version 0.5.3 Description: An issue in the "/api/audits" component allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Recommendations: For Pwndoc version 0.5.3, consider disabling the...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Command injection
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Design/Logic Flaw
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32974
CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/ Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...