36 matches found

Zero Day Initiative
added 2024/05/22 12:0 a.m., 19 views

NETGEAR ProSAFE Network Management System Tomcat Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the product installer. The issue results from the use of a...

CVSS 8.8, AI score 7.7, EPSS 0.74714
Exploits: 1, References: 1

NVD
added 2024/05/03 3:15 a.m., 21 views

CVE-2023-40513

LG Simple Editor UserManageController getImageByFilename Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Although authentication is required to exploit this...

CVSS 6.5, AI score 6.2, EPSS 0.00159
Exploits: 0, References: 1

Cvelist
added 2024/05/03 2:15 a.m., 11 views

CVE-2023-51583 Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability

Voltronic Power ViewPower UpsScheduler Exposed Dangerous Method Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. The...

CVSS 9.8, AI score 10, EPSS 0.02576
Exploits: 0, References: 1

CVE
added 2024/05/03 2:15 a.m., 40 views

CVE-2023-51583

CVE-2023-51583 affects Voltronic Power ViewPower; the flaw is in the UpsScheduler class due to an exposed dangerous method, enabling remote code execution with SYSTEM context. It requires no authentication and is exploitable over the network (per ZDI advisory). The available documents confirm the...

CVSS 9.8, AI score 9.8, EPSS 0.02576
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/05/03 2:14 a.m., 15 views

CVE-2023-50223 Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability

Inductive Automation Ignition ExtendedDocumentCodec Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit this...

CVSS 8.8, AI score 9.2, EPSS 0.53432
Exploits: 0, References: 2

CVE
added 2024/05/03 2:14 a.m., 66 views

CVE-2023-50218

CVE-2023-50218 affects Inductive Automation Ignition, specifically the ModuleInvoke class, where unvalidated user-supplied data can be deserialized, enabling remote code execution with SYSTEM privileges. The vulnerability is network-accessible (attack vector: NETWORK) with low initial access requ...

CVSS 8.8, AI score 9, EPSS 0.48962
Exploits: 0, References: 2, Affected Software: 1

Cvelist
added 2024/05/03 2:13 a.m., 17 views

CVE-2023-44412 D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability

D-Link D-View addDv7Probe XML External Entity Processing Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of D-Link D-View. Authentication is not required to exploit this vulnerability. The specific flaw...

CVSS 8.2, AI score 8, EPSS 0.09111
Exploits: 0, References: 1

CVE
added 2024/05/03 2:11 a.m., 43 views

CVE-2023-40516

CVE-2023-40516 affects LG Simple Editor. The issue is in the product installer which sets incorrect permissions on folders, enabling a local attacker with low privileges to escalate to SYSTEM and execute arbitrary code. Documents confirm local privilege escalation and do not provide patch/version...

CVSS 7.8, AI score 7.8, EPSS 0.00024
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2024/05/03 2:11 a.m., 40 views

CVE-2023-40514

The CVE-2023-40514 issue affects LG Simple Editor, specifically the FileManagerController.getImageByFilename method, where a lack of validation for a user-supplied path enables directory traversal information disclosure. The vulnerability allows remote attackers to disclose sensitive information ...

CVSS 6.5, AI score 6.2, EPSS 0.00159
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2024/05/03 2:11 a.m., 46 views

CVE-2023-40512

LG Simple Editor’s CVE-2023-40512 affects the PlayerController.getImageByFilename method, where lack of validation of a user-supplied path enables directory traversal to disclose sensitive information. The vulnerability allows remote attackers to access information in the context of SYSTEM, with ...

CVSS 6.5, AI score 6.2, EPSS 0.00159
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/05/03 2:11 a.m., 14 views

CVE-2023-40509 LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability

LG Simple Editor deleteCanvas Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...

CVSS 8.2, AI score 8.3, EPSS 0.01912
Exploits: 0, References: 1

Cvelist
added 2024/05/03 2:11 a.m., 13 views

CVE-2023-40495 LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability

LG Simple Editor copyTemplateAll Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw...

CVSS 7.5, AI score 7.4, EPSS 0.19153
Exploits: 0, References: 1

Cvelist
added 2024/05/03 1:59 a.m., 17 views

CVE-2023-38124 Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability

Inductive Automation Ignition OPC UA Quick Client Task Scheduling Exposed Dangerous Function Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Inductive Automation Ignition. Authentication is required to exploit...

CVSS 7.2, AI score 7.7, EPSS 0.53761
Exploits: 0, References: 2

Zero Day Initiative
added 2024/03/28 12:0 a.m., 22 views

SolarWinds Access Rights Manager JsonSerializationHelper Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Access Rights Manager. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

CVSS 9.9, AI score 7.9, EPSS 0.1168
Exploits: 0, References: 1

Zero Day Initiative
added 2024/01/11 12:0 a.m., 18 views

Ivanti Avalanche validateAMCWSConnection Server-Side Request Forgery Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Ivanti Avalanche. Authentication is not required to exploit this vulnerability. The specific flaw exists within the validateAMCWSConnection method. The issue results from the lack of proper...

CVSS 7.5, AI score 6.2, EPSS 0.31725
Exploits: 0, References: 1

Cvelist
added 2023/09/06 4:3 a.m., 13 views

CVE-2023-35719 ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability

ManageEngine ADSelfService Plus GINA Client Insufficient Verification of Data Authenticity Authentication Bypass Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of ManageEngine ADSelfService Plus. Authentication is not...

CVSS 6.8, AI score 7.2, EPSS 0.00095
Exploits: 0, References: 2

Zero Day Initiative
added 2023/08/24 12:0 a.m., 14 views

(0Day) LG Simple Editor saveXmlFile XML External Entity Processing Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of LG Simple Editor. Authentication is not required to exploit this vulnerability. The specific flaw exists within the saveXmlFile method. Due to the improper restriction of XML External Entity...

CVSS 7.5, AI score 6.2, EPSS 0.00074
Exploits: 0

Zero Day Initiative
added 2023/04/14 12:0 a.m., 21 views

Schneider Electric APC Easy UPS Online getMacAddressByIP Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Schneider Electric APC Easy UPS Online. Authentication is not required to exploit this vulnerability. The specific flaw exists within the getMacAddressByIP function. The issue results from the lack o...

CVSS 9.8, AI score 9.3, EPSS 0.02539
Exploits: 0, References: 1

Zero Day Initiative
added 2022/09/01 12:0 a.m., 23 views

ManageEngine OpManager Plus getNmapInitialOption Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine OpManager Plus. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNmapInitialOption function. The issue results from the lack of proper...

CVSS 7.2, AI score 4.1, EPSS 0.39138
Exploits: 0, References: 1

Zero Day Initiative
added 2022/09/01 12:0 a.m., 30 views

ManageEngine NetFlow Analyzer getNmapInitialOption Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of ManageEngine NetFlow Analyzer. Authentication is required to exploit this vulnerability. The specific flaw exists within the getNmapInitialOption function. The issue results from the lack of proper...

CVSS 7.2, AI score 4.8, EPSS 0.39138
Exploits: 0, References: 1