1178 matches found
SUSE CVE-2021-3514
When using a syncrepl client in 389-ds-base, an authenticated attacker can cause a NULL pointer dereference using a specially crafted query, causing a crash...
VulnCheck KEV: CVE-2023-21715
Microsoft Office Publisher contains a security feature bypass vulnerability that allows for a local, authenticated attack on a targeted system...
Design/Logic Flaw
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all css files inside the root path of the webserver via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx...
Vulnerability fixed in phpMyAdmin
A vulnerability has been fixed in phpMyAdmin. A authenticated malicious party can exploit the vulnerability for a cross-site scripting attack via uploading a rogue .sql file. Such an attack may result in the execution of arbitrary code under the scope of the browser of the victim. In this...
Remote Code Execution in "Import Settings" feature
Description Due to Improper data validation in "Import Settings" feature, an authenticated attacker can send crafted settings with malicious payload inside "system.croncmdline" value. Step to reproduce Requirement: PHP code must be executed on attacker machine - Step 1: Attacker run web server an...
CVE-2023-23937 Missing file upload type validation in pimcore/pimcore
Pimcore is an Open Source Data & Experience Management Platform: PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce. The upload functionality for updating user profile does not properly validate the file content-type, allowing any authenticated user to bypass this security check by adding a valid...
PT-2023-1327 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: The issue is related to multiple vulnerabilities in specific Cisco Identity Services Engine ISE CLI commands. These vulnerabilities could allow an authenticated,...
CVE-2022-37718
The management portal component of JetNexus/EdgeNexus ADC 4.2.8 was discovered to contain a command injection vulnerability. This vulnerability allows authenticated attackers to execute arbitrary commands through a specially crafted payload. This vulnerability can also be exploited from an...
EdgeNexus ADC 操作系统命令注入漏洞
EdgeNexus ADC is a powerful and easy-to-use load balancer from EdgeNexus. An operating system command injection vulnerability exists in EdgeNexus ADC version 4.2.8, which stems from the presence of a command injection vulnerability that allows an authenticated attacker to execute arbitrary comman...
Security Bulletin: Multiple Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway
Summary Security Vulnerabilities in Java and Node.js packages affect IBM Voice Gateway. The vulnerabilities have been addressed. Vulnerability Details CVEID:CVE-2022-25857 DESCRIPTION: Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitatio...
PT-2023-1416 · Zyxel · Zyxel Nr7101
Name of the Vulnerable Software and Affected Versions: Zyxel NR7101 firmware versions prior to V1.15ACCC.3C0 Description: The issue is caused by a buffer overflow vulnerability in the parameter of the CGI program. This could allow an authenticated attacker to cause denial-of-service DoS condition...
CVE-2022-43532
A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct a stored cross-site scripting XSS attack against an administrative user of the interface. A successful exploit allows an attacker to execute arbitrary script...
PT-2022-27871 · Tp Link · Tp-Link Tl-Wr740N
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR740N V1 and V2 versions 3.12.4 and earlier Description: The issue allows authenticated attackers to execute arbitrary code or cause a Denial of Service DoS via uploading a crafted firmware image during the firmware update process...
TP-LINK TL-WR740N 安全漏洞
The TP-LINK TL-WR740N is a wireless router from China P&L TP-LINK. A security vulnerability exists in TP-LINK TL-WR740N V1 and V2 firmware v3.12.4 and earlier versions, which originates from the ability of an authenticated attacker to achieve arbitrary code execution or denial of service by...
CVE-2022-43660
The CVE-2022-43660 issue is an SSI (Server-Side Includes) handling vulnerability in Movable Type and related products. A remote authenticated attacker with the privilege “Manage of Content Types” could execute arbitrary Perl scripts or arbitrary OS commands via a crafted web page. Affected are Mo...
CVE-2022-43492 WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability
Auth. subscriber+ Insecure Direct Object References IDOR vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...
PT-2022-26841 · Intelbras · Intelbras Sg 2404 Mr
Name of the Vulnerable Software and Affected Versions: INTELBRAS SG 2404 MR version 20180928-rel64938 Description: The issue allows authenticated attackers to create Administrator accounts arbitrarily through crafted user cookies. Recommendations: For version 20180928-rel64938, consider restricti...
CVE-2022-20836
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
CVE-2022-20831
Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center FMC Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting XSS attack against a user of the interface of an affected device. These vulnerabilities are due t...
PT-2022-26577 · Unknown · Comserver Series
Name of the Vulnerable Software and Affected Versions: ComServer Series affected versions not specified Description: The issue allows an authenticated remote attacker to execute arbitrary web scripts or HTML via a crafted payload injected into the title of the configuration webpage. This is a...