15 matches found
EUVD-2023-3187
Malicious code in bioql PyPI...
CVE-2020-26733
Cross Site Scripting (XSS) in the Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows an authenticated attacker to inject their own script into the page via the DDNS Configuration Section...
PT-2024-37554 · Zkteco · Zkbio Cvsecurity V5000
Name of the Vulnerable Software and Affected Versions: ZKTeco ZKBio CVSecurity V5000 version 4.1.0. Description: A problematic issue was found in the Push Configuration Section component. The manipulation of the Configuration Name argument leads to cross-site scripting. It is possible to initiate...
GHSA-QJ86-P74R-7WP5 Remote code execution/programming rights with configuration section from any user account
Impact Anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki...
CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...
CVE-2023-50723 XWiki Platform remote code execution/programming rights with configuration section from any user account
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the...
CVE-2023-50722 XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter...
CVE-2023-35852
In Suricata before 6.0.13 when there is an adversary who controls an external source of rules, a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring...
CVE-2023-29007
Git is a revision control system. Prior to versions 2.30.9, 2.31.8, 2.32.7, 2.33.8, 2.34.8, 2.35.8, 2.36.6, 2.37.7, 2.38.5, 2.39.3, and 2.40.1, a specially crafted .gitmodules file with submodule URLs that are longer than 1024 characters can be used to exploit a bug in...
CVE-2020-26733
Cross Site Scripting (XSS) in the Configuration page in SKYWORTH GN542VF Hardware Version 2.0 and Software Version 2.0.0.16 allows an authenticated attacker to inject their own script into the page via the DDNS Configuration Section...
CVE-2020-26733
CVE-2020-26733: XSS in the Configuration page of SKYWORTH GN542VF (HW 2.0 / SW 2.0.0.16). The vulnerability resides in the DDNS Configuration section, allowing an authenticated attacker to inject script via that page. Documented impact is Cross Site Scripting with partial integrity impact and low...
Huawei Data Communication: Read current-configuration configuration section include multicast routing-enable
Get the sections with multicast routing-enable of the VRP device. Note: This script only stores information for other Policy Controls. SPDX-FileCopyrightText: 2020 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
Upgrading to Storefront 3.12 CU4 fails - MSI logs shows Citrix Protocol Transition service exception
Attempting to upgrade Storefront 3.12 LTSR to CU4 fails. In the Install wizard the following message is displayed: When checking the MSI Installer logs, the following exception is found. NOTE: MSI logs are found in C:\Windows\Temp\Storefront\CitrixMsi-CitrixStoreFront-x64-201X.-xx-xx-xx.log...
Dell EMC Avamar And Integrated Data Protection Appliance Invalid Access Control
Exploit Title: Dell EMC Avamar and Integrated Data Protection Appliance Installation Manager Missing Access Control Vulnerability DSA-2018-025 Date: 24/11/2017 Exploit Author: SlidingWindow Vendor Homepage: https://store.Dell EMC.com/en-us/AVAMAR-PRODUCTS/Dell-DELL...
StoreFront 3.5 to 3.8 upgrade fails.
In the MSI logs we get the following error: An error occurred creating the configuration section handler for citrix.deliveryservices/protocolTransitionSettings: Could not load file or assembly 'Citrix.DeliveryServices.ProtocolTransition.Configuration, Version=2.6.0.0, OR An error occurred creating th...