CVE-2023-36634
An incomplete filtering of one or more instances of special elements vulnerability (CWE-792) in the command line interpreter of FortiAP-U 7.0.0, 6.2.0 through 6.2.5, 6.0 all versions, 5.4 all versions may allow an authenticated attacker to list and delete arbitrary files and directories via specially...
Vulnerabilities fixed in Nagios XI
Vulnerabilities have been fixed in Nagios XI. A malicious party can exploit the vulnerabilities to use SQL injection to manipulate data or gain access to sensitive data within Nagios, or to perform a Cross-Site Scripting (XSS) attack. Such an attack can lead to execution of arbitrar...
ManageEngine ADManager Plus download Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of ManageEngine ADManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the download method. The issue results from the lack of proper validatio...
PT-2023-6897 · Redis · RedisGraph
Name of the Vulnerable Software and Affected Versions: RedisGraph versions 2.x through 2.12.8 Description: The issue is related to a buffer overflow in the RedisGraph database, which can be exploited by a remote attacker to execute arbitrary code after valid authentication. This can occur due to...
CVE-2023-20194
A vulnerability in the ERS API of Cisco ISE could allow an authenticated, remote attacker to read arbitrary files on the underlying operating system of an affected device. To exploit this vulnerability, an attacker must have valid Administrator-level privileges on the affected device. This...
SUSE CVE-2023-39511
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a Stored Cross-Site Scripting (XSS) vulnerability which allows an authenticated user to poison data stored in Cacti's database. These data will be viewed by administrative Cacti...
D-Link DIR-3040 prog.cgi SetUsersSettings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
D-Link DIR-3040 prog.cgi SetTriggerPPPoEValidate Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
D-Link DIR-3040 prog.cgi SetWan2Settings Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
Vulnerabilities fixed in Zoom
Zoom has fixed vulnerabilities in the clients of Zoom and Zoom Rooms. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, gain access to system data or cause a denial of service. To cause a denial of service, the malicious party does not need prior...
PT-2023-26945 · Unknown · RDPngFileUpload.dll +1
Name of the Vulnerable Software and Affected Versions: IRM Next Generation booking system affected versions not specified Description: A vulnerability in RDPngFileUpload.dll allows a remote attacker to upload arbitrary content, such as a web shell component, to the SQL database and execute it wit...
D-Link DIR-3040 prog.cgi SetMyDLinkRegistration Stack-Based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-3040 routers. Authentication is required to exploit this vulnerability. The specific flaw exists within the prog.cgi binary, which handles HNAP requests made to the lighttpd...
PT-2023-5421 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.25 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability, which allows an authenticated user to poison data stored in the Cacti database. This data will be viewed by administrative...
PT-2023-5422 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti version 1.2.24 Description: The issue is related to insufficient validation of arguments passed to a command in the lib/snmp.php file, allowing an authenticated privileged user to perform command injection and obtain remote code executi...
PT-2023-29862 · LG · LG LED Assistant
Name of the Vulnerable Software and Affected Versions: LG LED Assistant affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG LED Assistant. Authentication is not required to exploit this issue. The specific flaw...
PT-2023-27316 · Devaldi · Flowpaper Plugin
Name of the Vulnerable Software and Affected Versions: Devaldi Ltd flowpaper plugin versions = 1.9.9 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Devaldi Ltd flowpaper plugin. This vulnerability requires authentication and is limited to use...
PT-2023-26494 · Realwebcare · Realwebcare Wrc Pricing Tables
Name of the Vulnerable Software and Affected Versions: Realwebcare WRC Pricing Tables plugin versions prior to 2.3.8 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Realwebcare WRC Pricing Tables plugin. This vulnerability requires...
PT-2023-20095 · WordPress · Yotuwp Video Gallery
Name of the Vulnerable Software and Affected Versions: Yotuwp Video Gallery plugin versions prior to 1.3.13 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. Recommendations: For Yotuwp Video Gallery plugin...
PT-2023-23994 · Woocommerce · Woocommerce Brands
Name of the Vulnerable Software and Affected Versions: WooCommerce WooCommerce Brands plugin versions = 1.6.45 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication and affects users with contributor or higher permissions...
D-Link DAP-2622 DDP Set AG Profile UUID Stack-based Buffer Overflow Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation ...