112 matches found
CVE-2023-52325
A local file inclusion vulnerability in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. Please note: this vulnerability must be used in conjunction with another one to exploit an affected system. In addition, an attacker...
CVE-2023-52324
An unrestricted file upload vulnerability in Trend Micro Apex Central could allow a remote attacker to create arbitrary files on affected installations. Please note: although authentication is required to exploit this vulnerability, this vulnerability could be exploited when the attacker has any...
PT-2024-14524 · Trend Micro · Trend Micro Apex Central
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex Central affected versions not specified Description: A local file inclusion issue in one of Trend Micro Apex Central's widgets could allow a remote attacker to execute arbitrary code on affected installations. This issue must...
Exploit for Code Injection in Jetbrains Youtrack
CVE-2022-24442: FreeMarker Server-Side Template Injection in J...
Exploit for Deserialization of Untrusted Data in Magnolia-Cms Magnolia_Cms
CVE-2021-46364: YAML Deserialization in Magnolia CMS Magnolia...
PT-2023-9586 · Cisco · Cisco Secure Firewall Management Center
Name of the Vulnerable Software and Affected Versions: Cisco Secure Firewall Management Center FMC Software affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker to read arbitrary files from the underlying...
PT-2023-5034 · Cisco · Cisco Fxos
Name of the Vulnerable Software and Affected Versions: Cisco FXOS Software affected versions not specified Description: A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device,...
PT-2023-4613 · Cisco · Cisco Thousandeyes Enterprise Agent
Name of the Vulnerable Software and Affected Versions: Cisco ThousandEyes Enterprise Agent, Virtual Appliance installation type affected versions not specified Description: A vulnerability in the CLI of Cisco ThousandEyes Enterprise Agent could allow an authenticated, local attacker to elevate...
CVE-2023-20164
Multiple vulnerabilities in Cisco Identity Services Engine ISE could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected...
PT-2023-3314 · Cisco · Cisco Small Business Rv320 +1
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers affected versions not specified Description: The web-based management interface of the affected devices has insufficient validation of user-supplied input, which could allow an...
CVE-2023-0432
The web configuration service of the affected device contains an authenticated command injection vulnerability. It can be used to execute system commands on the operating system OS from the device in the context of the user "root." If the attacker has credentials for the web service, then the...
PT-2023-4759 · Minio +2 · Minio +2
Name of the Vulnerable Software and Affected Versions: Minio versions prior to RELEASE.2023-03-20T20-16-18Z Description: The issue is related to the PostPolicyBucket component of the Minio Multi-Cloud Object Storage framework. An attacker can use crafted requests to bypass metadata bucket name...
CVE-2023-0888
An improper neutralization of directives in dynamically evaluated code vulnerability in the WiFi Battery embedded web server in versions L90/U70 and L92/U92 can be used to gain administrative access to the WiFi communication module. An authenticated user, having access to both the medical device...
PT-2023-1277 · Cisco · Cisco Small Business Rv260 +4
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV160 and RV260 Series VPN Routers affected versions not specified Cisco Small Business RV160, RV160W, RV260, RV260P, and RV260W affected versions not specified Description: A vulnerability in the web-based management...
CVE-2022-20928
A vulnerability in the authentication and authorization flows for VPN connections in Cisco Adaptive Security Appliance ASA Software and Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to establish a connection as a different user. This vulnerability is due to...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
CVE-2022-44795
An issue was discovered in Object First Ootbi BETA build 1.0.7.712. A flaw was found in the Web Service, which could lead to local information disclosure. The command that creates the URL for the support bundle uses an insecure RNG. That can lead to prediction of the generated URL. As a result, a...
PT-2022-6668 · Cisco · Cisco Small Business 500 Series Stackable Managed Switches +2
Name of the Vulnerable Software and Affected Versions: Cisco Small Business 200 Series Smart Switches affected versions not specified Cisco Small Business 300 Series Managed Switches affected versions not specified Cisco Small Business 500 Series Stackable Managed Switches affected versions not...
PT-2022-6234 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive...
CVE-2022-20898
Multiple vulnerabilities in the web-based management interface of Cisco Small Business RV110W, RV130, RV130W, and RV215W Routers could allow an authenticated, remote attacker to execute arbitrary code on an affected device or cause the device to restart unexpectedly, resulting in a denial of...