CLSA-2023-1699907659 Fix CVE(s): CVE-2023-32360
SECURITY UPDATE: An unauthenticated user may be able to access recently printed documents. The config file /etc/cups/cupsd.conf should be edited manually in case CUPS has already been installed on the system: the and sections should be changed according to the patch. -...
CLSA-2023-1699907536 Fix CVE(s): CVE-2023-32360
SECURITY UPDATE: An unauthenticated user may be able to access recently printed documents. The config file /etc/cups/cupsd.conf should be edited manually in case CUPS has already been installed on the system: the and sections should be changed according to the patch -...
CVE-2023-26455
RMI was not requiring authentication when calling ChronosRMIService:setEventOrganizer. Attackers with local or adjacent network access could abuse the RMI service to modify calendar items using RMI. RMI access is restricted to localhost by default. The interface has been updated to require...
CVE-2023-5860
The Icons Font Loader plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload function in all versions up to, and including, 1.1.2. This makes it possible for authenticated attackers, with administrator-level access and above, to upload...
PT-2023-20648 · Unknown · Chronosrmiservice
Name of the Vulnerable Software and Affected Versions: ChronosRMIService (affected versions not specified). Description: The issue allows attackers with local or adjacent network access to abuse the RMI service and modify calendar items using RMI, due to a lack of authentication requirement when...
CVE-2023-45357
Archer Platform 6.x before 6.13 P2 HF2 (6.13.0.2.2) contains a sensitive information disclosure vulnerability. An authenticated attacker could potentially obtain access to sensitive information via a popup warning message. 6.14 (6.14.0) is also a fixed release...
CVE-2023-41261
An issue was discovered in /fcgi/scrutfcgi.fcgi in Plixer Scrutinizer before 19.3.1. The csvExportReport endpoint action generateCSV does not require authentication and allows an unauthenticated user to export a report and access the results...
SUSE CVE-2023-42669
A vulnerability was found in Samba's "rpcecho" development server, a non-Windows RPC server used to test Samba's DCE/RPC stack elements. This vulnerability stems from an RPC function that can be blocked indefinitely. The issue arises because the "rpcecho" service operates with only one worker in...
PT-2023-29493 · Unknown · Mtproto Proxy
Name of the Vulnerable Software and Affected Versions: mtproto proxy, versions through 0.7.2. Description: A low-privileged remote attacker can access an improperly secured default installation without authenticating and achieve remote command execution ability. Recommendations: For versions throug...
PT-2023-5693 · D Link · D-Link D-View
Name of the Vulnerable Software and Affected Versions: D-Link D-View (affected versions not specified). Description: The issue is related to the showUsers method and is caused by inadequate authorization procedures. This allows remote attackers to escalate their privileges on affected installations...
PT-2023-6115 · A10 · A10 Thunder Adc
Name of the Vulnerable Software and Affected Versions: A10 Thunder ADC (affected versions not specified). Description: This issue allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. The specific flaw exists within the ShowTechDownloadView class,...
(0Day) D-Link Multiple Routers cli Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1260 and DIR-2150 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the CLI service, which listens on TCP port 23. The issue...
A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability
This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability. The specific flaw exists within the FileMgmtExport class. The issue results from the lack of proper validation of a...
CVE-2023-4097
The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username...
PT-2023-29166 · 2J · 2J Slideshow Team Slideshow
Name of the Vulnerable Software and Affected Versions: 2J Slideshow Team Slideshow, Image Slider by 2J plugin, versions = 1.3.54. Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication and affects users with contributor or...
ManageEngine ADManager Plus installServiceWithCredentials Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the installServiceWithCredentials function. The issue results from the lack of...
(0Day) Control Web Panel dns_zone_editor Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the dns_zone_editor module. The issue results from the lack of proper validation of a...
(0Day) Control Web Panel mysql_manager Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Control Web Panel. Authentication is required to exploit this vulnerability. The specific flaw exists within the mysql_manager module. The issue results from the lack of proper validation of a...
PT-2023-31897 · Illumio · Illumio Pce
Name of the Vulnerable Software and Affected Versions: Illumio PCE (affected versions not specified). Description: The issue is related to unsafe deserialization of untrusted JSON, which allows execution of arbitrary code on affected releases of the Illumio PCE. To exploit this, authentication to th...
CVE-2023-43138
TPLINK TL-ER5120G 4.0 2.0.0 Build 210817 Rel.80868n has a command injection vulnerability: when an authenticated attacker adds NAPT rules, the rule name has an injection point...