2841 matches found
CVE-2023-46026
Cross-Site Scripting (XSS) vulnerability in profile.php in phpgurukul Teacher Subject Allocation Management System 1.0 allows attackers to run arbitrary code via the 'adminname' and 'email' parameters...
Microsoft SharePoint Security Vulnerability
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A code execution...
CVE-2023-0898 Uncontrolled Search Path Element in GE MiCOM S1 Agile
General Electric MiCOM S1 Agile is vulnerable to an attacker achieving code execution by placing malicious DLL files in the directory of the application...
Fedora 39 : libspf2 (2023-b317dd9220)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-b317dd9220 advisory. Patch CVE-2023-42118, plus some other fixes. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...
TOTOLINK X6000R setTracerouteCfg function code execution vulnerability
TOTOLINK X6000R is a wireless router from China Gion Electronics that supports WiFi 6 technology with high concurrent connections and dual-band transmission. A code execution vulnerability exists in TOTOLINK X6000R. The vulnerability stems from the application failing to properly filter special...
Google Android Code Execution Vulnerability (CNVD-2023-96686)
Google Android is a Linux-based open source operating system from Google. A code execution vulnerability exists in Google Android, which can be exploited by an attacker to execute arbitrary code on the system...
USN-6453-2 xorg-server vulnerabilities
USN-6453-1 fixed several vulnerabilities in X.Org. This update provides the corresponding update for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Jan-Niklas Sohn discovered that the X.Org X Server incorrectly handled prepending values to certain properties. ...
PT-2023-26329 · Unknown · Superwebmailer
Name of the Vulnerable Software and Affected Versions: SuperWebMailer version 9.00.0.01710 Description: An issue in SuperWebMailer allows Remote Code Execution via a crafted sendmail command line. Recommendations: For SuperWebMailer version 9.00.0.01710, consider restricting access to the sendmai...
CVE-2023-45677 Heap buffer out of bounds write in start_decoder in stb_vorbis
stb_vorbis is a single file MIT licensed library for processing ogg vorbis files. A crafted file may trigger out of bounds write in f->vendor[len] = (char)'\0';. The root cause is that if len read in start_decoder is a negative number and setup_malloc successfully allocates memory in that case, but memor...
CVE-2023-35986 Santesoft Sante DICOM Viewer Pro Stack-based Buffer Overflow
Sante DICOM Viewer Pro lacks proper validation of user-supplied data when parsing DICOM files. This could lead to a stack-based buffer overflow. An attacker could leverage this vulnerability to execute arbitrary code in the context of the current process...
CVE-2023-35184 SolarWinds Access Rights Manager Deserialization of Untrusted Data Remote Code Execution Vulnerability
The SolarWinds Access Rights Manager was susceptible to Remote Code Execution Vulnerability. This vulnerability allows an unauthenticated user to abuse a SolarWinds service resulting in a remote code execution...
SolarWinds Access Rights Manager OpenClientUpdateFile Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the OpenClientUpdateFile method. The issue results from the lack of...
RHEL 8 : python-reportlab (RHSA-2023:5788)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:5788 advisory. Python-reportlab is a library used for generation of PDF documents. Security Fixes: python-reportlab: code injection in paraparser.py allows code...
D-Link DAP-X1860 Code Execution Vulnerability
The D-Link DAP-X1860 is a wireless router from China-based AUO D-Link. The D-Link DAP-X1860 suffers from a code execution vulnerability that stems from an application's failure to properly filter special elements of constructed code segments. An attacker could exploit this vulnerability to execut...
SUSE-SU-2023:4048-1 Security update for python-reportlab
This update for python-reportlab fixes the following issues: - CVE-2019-19450: Fixed an issue which allowed remote code execution via start_unichar in paraparser.py evaluating untrusted user input. (bsc#1215560)...
CVE-2023-36785
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability...
CVE-2023-36583 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
...
CVE-2023-36591 Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
...
SUSE-SU-2023:4041-1 Security update for php-composer2
This update for php-composer2 fixes the following issues: - CVE-2023-43655: Fixed a remote code execution issue that could be triggered if users published a web-accessible composer.phar file. (bsc#1215859)...
CVE-2023-44087
A vulnerability has been identified in Tecnomatix Plant Simulation V2201 (All versions < V2201.0009), Tecnomatix Plant Simulation V2302 (All versions < V2302.0003). The affected applications contain an out of bounds read past the end of an allocated structure while parsing specially crafted SPP files. Th...