6035 matches found

CNNVD
added 2023/10/18 12:00 a.m. · 3 views

Arduino Data Forgery Issue Vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent versions prior to 1.3.2, which stems from a security hole in the /v2/pkgs/tools/installed endpoint. An attacker can exploit this vulnerability to bypass CORS configuration and...

CVSS 7.8 · AI score 6.9 · EPSS 0.00211
Exploits: 0 · References: 4

CNNVD
added 2023/10/18 12:00 a.m. · 2 views

Arduino path traversal vulnerability

Arduino is a microcontroller board from the Arduino project. A security vulnerability exists in Arduino Create Agent. An attacker can exploit this vulnerability to delete arbitrary files or folders...

CVSS 7.1 · AI score 6.9 · EPSS 0.00326
Exploits: 0 · References: 5

OSV
added 2023/10/17 10:15 p.m. · 4 views

CVE-2023-22074

Vulnerability in the Oracle Database Sharding component of Oracle Database Server. Supported versions that are affected are 19.3-19.20 and 21.3-21.11. Easily exploitable vulnerability allows high privileged attacker having Create Session, Select Any Dictionary privilege with network access via...

CVSS 2.4 · AI score 5.8 · EPSS 0.00887
Exploits: 2 · References: 2

OSV
added 2023/10/17 5:15 a.m. · 3 views

CVE-2023-34210

SQL Injection in the create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter...

CVSS 8.8 · AI score 6.1 · EPSS 0.00582
Exploits: 0 · References: 1

NVD
added 2023/10/17 5:15 a.m. · 12 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via the unencrypted VIEWSTATE parameter...

CVSS 5 · AI score 4.8 · EPSS 0.00429
Exploits: 0 · References: 1

OSV
added 2023/10/17 5:15 a.m. · 5 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via the unencrypted VIEWSTATE parameter...

CVSS 4.3 · AI score 5.8 · EPSS 0.00429
Exploits: 0 · References: 1

Prion
added 2023/10/17 5:15 a.m. · 15 views

SQL injection

SQL Injection in the create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter...

CVSS 6.5 · AI score 8.9 · EPSS 0.00582
Exploits: 0 · References: 1 · Affected Software: 1

Prion
added 2023/10/17 4:15 a.m. · 20 views

Path traversal

Path Traversal in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive...

CVSS 4 · AI score 6.2 · EPSS 0.00638
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2023/10/17 4:00 a.m. · 21 views

CVE-2023-34209 Exposure of Sensitive System Information to an Unauthorized Control Sphere in EasyUse MailHunter Ultimate

Exposure of Sensitive System Information to an Unauthorized Control Sphere in the create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via the unencrypted VIEWSTATE parameter...

CVSS 5 · AI score 5.2 · EPSS 0.00429
Exploits: 0 · References: 1

CNNVD
added 2023/10/17 12:00 a.m. · 3 views

Oracle Database Server Security Vulnerability

Oracle Database Server is a relational database management system from Oracle (United States). The database management system provides data management, distributed processing, and other functions. A security vulnerability in the Oracle Database Sharding component of Oracle Database...

CVSS 2.4 · AI score 6.7 · EPSS 0.00395
Exploits: 0 · References: 3

CNNVD
added 2023/10/17 12:00 a.m. · 2 views

Oracle Database Server Security Vulnerability

Oracle Database Server is a relational database management system from Oracle (United States). The database management system provides data management, distributed processing, and other functions. A security vulnerability in the Oracle Database Sharding component of Oracle Database...

CVSS 2.4 · AI score 6.7 · EPSS 0.00887
Exploits: 2 · References: 6

VulnCheck KEV
added 2023/10/16 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2023-20198

Cisco IOS XE Web UI contains a privilege escalation vulnerability in the web user interface that could allow a remote, unauthenticated attacker to create an account with privilege level 15 access. The attacker can then use that account to gain control of the affected device...

CVSS 10 · AI score 7.2 · EPSS 0.99571
Exploits: 26 · References: 1

Positive Technologies
added 2023/10/16 12:00 a.m. · 7 views

PT-2023-24737 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier
Description: The issue allows remote authenticated users to perform arbitrary system commands with 'NT Authority\SYSTEM' privilege via a crafted ZIP archive. This is due to an unrestricted...

CVSS 9.9 · AI score 8.3 · EPSS 0.00645
Exploits: 0 · References: 5

CNNVD
added 2023/10/16 12:00 a.m. · 3 views

OpenSearch Project Security Vulnerability

OpenSearch is a community-driven, Apache 2.0 licensed open source search and analytics suite from the OpenSearch Project that makes it easy to access, search, visualize and analyze data. A security vulnerability exists in OpenSearch. An attacker exploiting this vulnerability could perform...

CVSS 5.4 · AI score 6.7 · EPSS 0.0041
Exploits: 0 · References: 2

Positive Technologies
added 2023/10/16 12:00 a.m. · 7 views

PT-2023-24740 · Easyuse · Easyuse Mailhunter Ultimate

Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier
Description: The issue allows remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter in the create customer group function. Thi...

CVSS 8.8 · AI score 8.8 · EPSS 0.00582
Exploits: 0 · References: 5

Cvelist
added 2023/10/13 12:00 a.m. · 18 views

CVE-2023-45391

A stored cross-site scripting (XSS) vulnerability in the Create A New Employee function of Granding UTime Master v9.0.7-Build:Apr 4,2023 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the First Name parameter...

AI score 5 · EPSS 0.00351
Exploits: 1 · References: 1

CNNVD
added 2023/10/11 12:00 a.m. · 2 views

Github Cachet Injection Vulnerability

Github Cachet is an open source status page system. An injection vulnerability exists in versions of Cachet prior to 2.4 that stems from poor filtering and older Twig versions, which allow users to execute arbitrary code via the Create Template feature...

CVSS 9.1 · AI score 8 · EPSS 0.46904
Exploits: 1 · References: 3

SUSE CVE
added 2023/10/05 1:52 a.m. · 3 views

SUSE CVE-2023-43787

A vulnerability was found in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with elevated privileges...

CVSS 5.3 · AI score 8.3 · EPSS 0.00427
Exploits: 1 · References: 12

CNNVD
added 2023/10/04 12:00 a.m. · 2 views

libX11 Input Validation Error Vulnerability

X.Org libX11 is an X11 (X Window System) client library from the X.Org Foundation. A security vulnerability exists in libX11, which stems from an integer overflow vulnerability in the XCreateImage function. An attacker can exploit this vulnerability to elevate privileges and execute arbitrary code...

CVSS 7.8 · AI score 7.6 · EPSS 0.00427
Exploits: 1 · References: 7

Positive Technologies
added 2023/10/03 12:00 a.m. · 4 views

PT-2023-6111 · Libx11 +10 · Libx11 +10

Name of the Vulnerable Software and Affected Versions: libX11 affected versions not specified
Description: A vulnerability was found in libX11 due to an integer overflow within the XCreateImage function. This flaw allows a local user to trigger an integer overflow and execute arbitrary code with...

CVSS 9.8 · AI score 7.9 · EPSS 0.07528
Exploits: 3 · References: 146