WordPress Graphicsly plugin <= 1.0.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG File Upload vulnerability
Authenticated Author+ Stored Cross-Site Scripting via SVG File Upload vulnerability discovered by Francesco Carlucci in WordPress Plugin Graphicsly versions <= 1.0.2...
CVE-2024-23972 Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability
Sony XAV-AX5500 USB Configuration Descriptor Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this vulnerability. Th...
CVE-2024-40852
This issue was addressed by restricting options offered on a locked device. This issue is fixed in iOS 18 and iPadOS 18. An attacker may be able to see recent photos without authentication in Assistive Access...
PT-2024-39272 · Cohesive Networks · Cohesive Networks Vns3
Name of the Vulnerable Software and Affected Versions: Cohesive Networks VNS3 affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this issue. The specif...
PT-2024-39273 · Cohesive Networks · Cohesive Networks Vns3
Name of the Vulnerable Software and Affected Versions: Cohesive Networks VNS3 affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this issue. The specif...
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from th...
Trend Micro Deep Discovery Inspector SQL Injection Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Trend Micro Deep Discovery Inspector. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 443 by default. The...
Cohesive Networks VNS3 Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cohesive Networks VNS3. Authentication is required to exploit this vulnerability. The specific flaw exists within the web service, which listens on TCP port 8000 by default. The issue results from th...
PT-2024-39222 · WordPress · Email Obfuscate Shortcode
Name of the Vulnerable Software and Affected Versions: Email Obfuscate Shortcode plugin for WordPress versions up to, and including, 2.0 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'email-obfuscate' shortcode due to insufficient input sanitization and output...
Ivanti Endpoint Manager loadMouseTable SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadMouseTable method. The issue results from the lack of...
Ivanti Endpoint Manager loadKeyboardTable SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadKeyboardTable method. The issue results from the lack ...
Ivanti Endpoint Manager LoadMotherboardTable SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the LoadMotherboardTable method. The issue results from the la...
Ivanti Endpoint Manager loadModuleTable SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadModuleTable method. The issue results from the lack of...
Ivanti Endpoint Manager LoadSlotsTable SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the LoadSlotsTable method. The issue results from the lack of...
Ivanti Endpoint Manager updateAssetInfo SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the updateAssetInfo method. The issue results from the lack of...
Ivanti Endpoint Manager GetVulnerabilitiesDataTable SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetVulnerabilitiesDataTable method. The issue results from...
Ivanti Endpoint Manager GetSQLStatement SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetSQLStatement method. The issue results from the lack of...
Ivanti Endpoint Manager loadSystemInfo SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the loadSystemInfo method. The issue results from the lack of...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in several Azure components. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, access sensitive data and potentially execute commands with Administrator privileges. Abuse is not easy and requires prior authentication a...
Loftware Spectrum Security Vulnerability
Loftware Spectrum is an enterprise label printing solution from Loftware, a comprehensive, cloud-based label printing platform for companies of all sizes. A security vulnerability exists in Loftware Spectrum prior to version 4.6, which stems from HF14 that allows authenticated XML external entity...