2392 matches found
Dell Avamar Fitness Analyzer API SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Dell Avamar. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of the start parameter provided to the report endpoint. The issue results...
CVE-2024-11947
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists withi...
CVE-2024-11949
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists with...
PT-2024-17334 · WordPress · Powerbi Embed Reports
Name of the Vulnerable Software and Affected Versions: PowerBI Embed Reports plugin for WordPress versions up to, and including, 1.1.7. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'MO API POWER BI' shortcode due to insufficient input sanitization and output...
Linux Kernel ksmbd PreviousSessionId Race Condition Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the processing of sessions with...
Progress Software WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetOrderByClause method. The issue results from the la...
Progress Software WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilterCriteria method. The issue results from the...
Progress Software WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability
This vulnerability allows remote attackers to escalate privileges on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetSqlWhereClause method. The issue results from the...
CVE-2024-11949 GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists with...
CVE-2024-11949
CVE-2024-11949: GFI Archiver Store Service deserializes untrusted data due to insufficient input validation, enabling remote code execution. The flaw resides in the Store Service (default port 8018) and can be triggered remotely with authentication, potentially executing code as SYSTEM. Exploita...
CVE-2024-11947
The CVE-2024-11947 entry describes a deserialization flaw in GFI Archiver’s Core Service (default port 8017) that allows remote code execution. The root cause is improper validation of user-supplied data, enabling an attacker to run arbitrary code in the SYSTEM context after authenticating. Multi...
CVE-2024-11947 GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver Core Service Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists withi...
Veritas Enterprise Vault MonitoringMiddleTier Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the MonitoringMiddleTier service, which listens on TCP port 8071 by...
PT-2024-17359 · Gfi · Gfi Archiver
Name of the Vulnerable Software and Affected Versions: GFI Archiver, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this issue. The specific flaw exists withi...
Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVExchangeWebServicesProxy service. The issue results from the lack o...
Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVStgOfflineOpns service. The issue results from the lack of proper...