Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVStgOfflineOpns service. The issue results from the lack of proper...
Veritas Enterprise Vault Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the EVMonitoring service. The issue results from the lack of proper...
PT-2024-17360 · Gfi · Gfi Archiver
Name of the Vulnerable Software and Affected Versions: GFI Archiver, affected versions not specified. Description: The issue is a remote code execution vulnerability due to the deserialization of untrusted data in the GFI Archiver Store Service. This allows remote attackers to execute arbitrary cod...
GFI Archiver Store Service Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Authentication is required to exploit this vulnerability. The specific flaw exists within the Store Service, which listens on TCP port 8018 by default. The issue results from the lack o...
Veritas Enterprise Vault MonitoringMiddleTier Deserialization of Untrusted Data Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Veritas Enterprise Vault. Authentication is required to exploit this vulnerability. The specific flaw exists within the MonitoringMiddleTier service, which listens on TCP port 8071 by...
SUSE CVE-2024-37303
Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the...
PT-2024-16440 · WordPress · Basepress Docs
Name of the Vulnerable Software and Affected Versions: Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress versions up to, and including, 2.16.3.3. Description: The issue allows authenticated attackers with Subscriber-level access and above to update the database due t...
SolarWinds Platform 2024.0 < 2024.4.1 XSS
The version of SolarWinds Platform installed on the remote host is prior to 2024.4.1. It is, therefore, affected by a vulnerability as referenced in the solarwindsplatform202441 advisory. - The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information...
Hewlett Packard Enterprise Insight Remote Support validateAgainstXSD XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the validateAgainstXSD...
PT-2024-35778 · Freepbx · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX version 17.0.19.17. Description: A vulnerability was discovered in FreePBX, allowing high-privilege administrators to insert unwanted files due to a lack of verification of the type of uploaded files. This issue can be exploited for...
Astra Linux – Vulnerability in freeipa
There is a cross-site request forgery vulnerability in ipa/session/loginpassword in all supported versions of IPA. This flaw allows an attacker to trick the user into submitting a request that could perform actions on behalf of the user, resulting in a loss of confidentiality and system integrity...
CVE-2024-9710
PostHog databaseschema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-8809
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web...
CVE-2024-8808
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web...
CVE-2024-8808 Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web...
CVE-2024-5580
Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-5579
Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...
CVE-2024-30372
Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the...