27 matches found
EUVD-2022-36039
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2019-18814
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - An issue was discovered in the Linux kernel through 5.3.9. There is a use-after-free when aa_label_parse() fails in aa_audit_rule_init() in security/apparmor/audit.c...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
PT-2023-13054 · Osticket · Osticket
Name of the Vulnerable Software and Affected Versions: osTicket osTicket-plugins versions prior to commit a7842d494889fd5533d13deb3c6a7789768795ae Description: The issue is a Cross-Site Scripting (XSS) vulnerability in the audit/templates/auditlogs.tmpl.php file. This vulnerability can be exploited...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
Design/Logic Flaw
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
CVE-2022-45771
An issue in the /api/audits component of Pwndoc v0.5.3 allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file...
PT-2022-27641 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: Pwndoc version 0.5.3 Description: An issue in the "/api/audits" component allows attackers to escalate privileges and execute arbitrary code via uploading a crafted audit file. Recommendations: For Pwndoc version 0.5.3, consider disabling the...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32973
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
Command injection
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
Design/Logic Flaw
An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...
CVE-2022-32974
An authenticated attacker could read arbitrary files from the underlying operating system of the scanner using a custom crafted compliance audit file without providing any valid SSH credentials...
CVE-2022-32974
CVE-2022-32974 is confirmed in connected documents as affecting Tenable Nessus/Nessus Agent prior to specific versions. An authenticated attacker could read arbitrary files from the underlying OS via a crafted compliance audit file, without SSH credentials. Exploitation details and affected vers...