6060 matches found

0day.today · added 2023/05/05 12:0 a.m. · 278 views

Wolf CMS 0.8.3.1 - Remote Code Execution Vulnerability

Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wolf-cms.readthedocs.io Software Link: https://github.com/wolfcms/wolfcms Version: 0.8.3.1 Tested on: Kali Linux Steps to Reproduce Firstly, go to the "Files" tab. Click on the...

AI score: 7.1 · Exploits: 0

Positive Technologies · added 2023/05/04 12:0 a.m. · 8 views

PT-2023-3026 · Wago · Wago Cc100 +4

Name of the Vulnerable Software and Affected Versions: WAGO PFC100 versions =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =23, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the device...

CVSS: 10 · AI score: 9.1 · EPSS: 0.81911 · Exploits: 5 · References: 11

NVD · added 2023/05/02 8:15 p.m. · 23 views

CVE-2022-47876

The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...

CVSS: 9.1 · AI score: 8.7 · EPSS: 0.07048 · Exploits: 4 · References: 2

Cvelist · added 2023/05/02 12:0 a.m. · 26 views

CVE-2022-47876

The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...

AI score: 8.9 · EPSS: 0.07048 · Exploits: 4 · References: 2

Positive Technologies · added 2023/04/27 12:0 a.m. · 3 views

PT-2023-2594 · Docker · Docker Desktop For Windows

Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue is related to a symlink attack on the hyperv/create dockerBackendV2 API, allowing attackers to overwrite any file by controlling the DataFolder parameter for...

CVSS: 7.1 · AI score: 6.9 · EPSS: 0.00332 · Exploits: 0 · References: 7

NVD · added 2023/04/23 8:15 p.m. · 16 views

CVE-2023-31043

EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...

CVSS: 7.5 · AI score: 7.5 · EPSS: 0.0043 · Exploits: 0 · References: 5

Positive Technologies · added 2023/04/23 12:0 a.m. · 6 views

PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...

CVSS: 7.5 · AI score: 7.4 · EPSS: 0.0043 · Exploits: 0 · References: 9

OSV · added 2023/04/19 9:30 p.m. · 21 views

GHSA-C23V-VQW5-52C5 PowerJob vulnerable to Incorrect Access Control via the create user/save interface.

PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...

CVSS: 5.3 · AI score: 5.1 · EPSS: 0.02998 · Exploits: 2 · References: 3

GitHub Security Blog · added 2023/04/19 9:30 p.m. · 23 views

PowerJob vulnerable to Incorrect Access Control via the create user/save interface.

PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...

CVSS: 5.3 · AI score: 5.1 · EPSS: 0.02998 · Exploits: 2 · References: 3 · Affected Software: 1

Prion · added 2023/04/19 7:15 p.m. · 17 views

Improper access control

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface...

CVSS: 5 · AI score: 5.2 · EPSS: 0.02998 · Exploits: 2 · References: 1 · Affected Software: 1

OSV · added 2023/04/19 12:30 p.m. · 20 views

GHSA-MPVF-6H9G-2HQ2 PowerJob Incorrect Access Control vulnerability

PowerJob v4.3.6 is vulnerable to Incorrect Access Control via the create app interface...

CVSS: 5.3 · AI score: 5.1 · EPSS: 0.00533 · Exploits: 1 · References: 3

OSV · added 2023/04/19 12:15 p.m. · 12 views

CVE-2023-29921

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface...

CVSS: 5.3 · AI score: 5.6 · Exploits: 0 · References: 1

CNNVD · added 2023/04/19 12:0 a.m. · 4 views

Linux kernel resource management error vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that originates from a corruption of the iscsiswtcpsessioncreate instruction responsible for freeing memory in the SCSI...

CVSS: 5.5 · AI score: 6.3 · EPSS: 0.00249 · Exploits: 0 · References: 17

CVE · added 2023/04/19 12:0 a.m. · 49 views

CVE-2023-29921

PowerJob V4.3.1 is affected by Incorrect Access Control via the create app interface, enabling an attacker to create apps without permission. The issue is described in multiple sources (e.g., Red Hat, GHSA/OSV, Veracode) as improper access control. Veracode notes the vulnerable flow through the /...

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.00533 · Exploits: 1 · References: 1 · Affected Software: 1

Positive Technologies · added 2023/04/19 12:0 a.m. · 5 views

PT-2023-22478 · Powerjob · Powerjob

Name of the Vulnerable Software and Affected Versions: PowerJob version 4.3.1 Description: The issue is related to Incorrect Access Control via the create app interface. Recommendations: For PowerJob version 4.3.1, consider restricting access to the create app interface until a fix is available. ...

CVSS: 5.3 · AI score: 5 · EPSS: 0.00533 · Exploits: 1 · References: 8

CVE · added 2023/04/19 12:0 a.m. · 114 views

CVE-2023-29922

PowerJob V4.3.1 is affected by an Incorrect Access Control vulnerability in the create user/save interface. The root cause is insufficient authorization checks on the /user/save flow, potentially allowing an attacker to bypass authentication and perform unauthorized user creation. Documented deta...

CVSS: 5.3 · AI score: 5.2 · EPSS: 0.02998 · Exploits: 2 · References: 1 · Affected Software: 1

Vulnrichment · added 2023/04/19 12:0 a.m. · 7 views

CVE-2023-29921

PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface...

AI score: 6.8 · EPSS: 0.00533 · Exploits: 1 · References: 1

NVD · added 2023/04/15 1:15 a.m. · 36 views

CVE-2022-48178

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...

CVSS: 5.4 · AI score: 5.4 · EPSS: 0.01831 · Exploits: 4 · References: 2

Prion · added 2023/04/15 1:15 a.m. · 15 views

Cross site scripting

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...

CVSS: 4.9 · AI score: 5.3 · EPSS: 0.01831 · Exploits: 4 · References: 2 · Affected Software: 1

Vulnrichment · added 2023/04/15 12:0 a.m. · 6 views

CVE-2022-48178

X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...

AI score: 5.4 · EPSS: 0.01831 · Exploits: 4 · References: 2