6060 matches found
Wolf CMS 0.8.3.1 - Remote Code Execution Vulnerability
Exploit Title: Wolf CMS 0.8.3.1 - Remote Code Execution RCE Exploit Author: Ahmet Ümit BAYRAM Vendor Homepage: https://wolf-cms.readthedocs.io Software Link: https://github.com/wolfcms/wolfcms Version: 0.8.3.1 Tested on: Kali Linux Steps to Reproduce Firstly, go to the "Files" tab. Click on the...
PT-2023-3026 · Wago · Wago Cc100 +4
Name of the Vulnerable Software and Affected Versions: WAGO PFC100 versions =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =16 and =23, update to a version outside of this range to mitigate the risk. As a temporary workaround, consider restricting access to the device...
CVE-2022-47876
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...
CVE-2022-47876
The integrator in Jedox GmbH Jedox 2020.2.5 allows remote authenticated users to create Jobs to execute arbitrary code via Groovy-scripts...
PT-2023-2594 · Docker · Docker Desktop For Windows
Name of the Vulnerable Software and Affected Versions: Docker Desktop for Windows versions prior to 4.6.0 Description: The issue is related to a symlink attack on the hyperv/create dockerBackendV2 API, allowing attackers to overwrite any file by controlling the DataFolder parameter for...
CVE-2023-31043
EnterpriseDB EDB Postgres Advanced Server EPAS before 14.6.0 logs unredacted passwords in situations where optional parameters are used with CREATE/ALTER USER/GROUP/ROLE, and redacting was configured with edbfilterlog.redactpasswordcommands. The fixed versions are 10.23.33, 11.18.29, 12.13.17,...
PT-2023-23120 · Enterprisedb · Edb Postgres Advanced Server
Name of the Vulnerable Software and Affected Versions: EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 10.23.33 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 11.18.29 EnterpriseDB EDB Postgres Advanced Server EPAS versions prior to 12.13.17 EnterpriseDB EDB...
GHSA-C23V-VQW5-52C5 PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...
PowerJob vulnerable to Incorrect Access Control via the create user/save interface.
PowerJob v4.9.3 is vulnerable to Incorrect Access Control via the create user/save interface...
Improper access control
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create user/save interface...
GHSA-MPVF-6H9G-2HQ2 PowerJob Incorrect Access Control vulnerability
PowerJob v4.3.6 is vulnerable to Incorrect Access Control via the create app interface...
CVE-2023-29921
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface...
Linux kernel 资源管理错误漏洞
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux Kernel that originates from a corruption of the iscsiswtcpsessioncreate instruction responsible for freeing memory in the SCSI...
CVE-2023-29921
PowerJob V4.3.1 is affected by Incorrect Access Control via the create app interface, enabling an attacker to create apps without permission. The issue is described in multiple sources (e.g., Red Hat, GHSA/OSV, Veracode) as improper access control. Veracode notes the vulnerable flow through the /...
PT-2023-22478 · Powerjob · Powerjob
Name of the Vulnerable Software and Affected Versions: PowerJob version 4.3.1 Description: The issue is related to Incorrect Access Control via the create app interface. Recommendations: For PowerJob version 4.3.1, consider restricting access to the create app interface until a fix is available. ...
CVE-2023-29922
PowerJob V4.3.1 is affected by an Incorrect Access Control vulnerability in the create user/save interface. The root cause is insufficient authorization checks on the /user/save flow, potentially allowing an attacker to bypass authentication and perform unauthorized user creation. Documented deta...
CVE-2023-29921
PowerJob V4.3.1 is vulnerable to Incorrect Access Control via the create app interface...
CVE-2022-48178
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...
Cross site scripting
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...
CVE-2022-48178
X2CRM Open Source Sales CRM 6.6 and 6.9 was discovered to contain a stored cross-site scripting XSS vulnerability via the Create Action function, aka an index.php/actions/update URI...