CVE-2023-6142 Dev Blog v1.0 - Stored XSS
Dev blog v1.0 allows a stored XSS to be exploited through an unrestricted file upload, combined with low entropy in the generated filenames. With this, an attacker can upload a malicious HTML file, guess the filename of the uploaded file and send it to a potential victim...
CVE-2023-6144 Dev Blog v1.0 - ATO
Dev blog v1.0 allows an account takeover to be exploited through the "user" cookie. With this, an attacker can access any user's session just by knowing their username...
DEBIAN-CVE-2023-48039
GPAC 2.3-DEV-rev617-g671976fcc-master is vulnerable to a memory leak in gf_mpd_parse_string at media_tools/mpd.c:75...
Ubuntu 22.04 LTS / 23.04 / 23.10 : iniParser vulnerability (USN-6486-1)
The remote Ubuntu 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6486-1 advisory. It was discovered that iniParser incorrectly handled certain files. An attacker could possibly use this issue to cause a crash. Tenable has...
PT-2023-32542 · Dev Blog · Dev Blog
Name of the Vulnerable Software and Affected Versions: Dev blog version 1.0 Description: The issue allows for an account takeover through the user cookie, enabling an attacker to access any user's session by knowing their username. Recommendations: For Dev blog version 1.0, consider disabling the...
open-vm-tools: file descriptor hijack vulnerability in the vmware-user-suid-wrapper
A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...
RHEL 8 : open-vm-tools (RHSA-2023:7262)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7262 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : HTML Tidy vulnerability (USN-6483-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6483-1 advisory. Neeraj Pal discovered that HTML Tidy incorrectly handled parsing certain HTML data. If a user or automated system were tricked into...
RHEL 8 : open-vm-tools (RHSA-2023:7261)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7261 advisory. The Open Virtual Machine Tools are the open source implementation of the VMware Tools. They are a set of guest operating system virtualizati...
CVE-2023-48013
GPAC v2.3-DEV-rev566-g50c2ab06f-master was discovered to contain a double free via the gf_filter_packet_del function at /gpac/src/filter_core/filter.c...
WordPress Forminator Plugin <= 1.27.0 is vulnerable to Arbitrary File Upload
Software: Forminator. Type: Plugin. Vulnerable versions: <= 1.27.0. Fixed in: 1.28.0. OWASP Top 10: A1: Injection. Classification: Arbitrary File Upload. CVE: CVE-2023-6133. Patch priority: Low. CVSS severity: Low 6.6. Developer: WPMU DEV. PSID: e543496c8db2. Credits: István Márton. Required privilege: Administrator...
CVE-2023-47384
MP4Box GPAC v2.3-DEV-rev617-g671976fcc-master was discovered to contain a memory leak in the function gf_isom_add_chapter at /isomedia/isom_write.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted MP4 file...
CVE-2023-46621
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Enej Bajgoric / Gagan Sandhu / CTLT DEV User Avatar plugin <= 1.4.11 versions...
CVE-2023-46621
CVE-2023-46621 is an unauthenticated cross-site scripting (XSS) vulnerability in the WordPress plugin User Avatar (ctltwp User Avatar) affecting versions up to and including 1.4.11. The issue has a published CVE and is mitigated by upgrading to 1.4.12 or later. PatchStack corroborates the vulner...
CVE-2023-5998
Out-of-bounds Read in GitHub repository gpac/gpac prior to 2.3.0-DEV...
CVE-2023-5998
CVE-2023-5998 affects the gpac/gpac project (a multimedia framework) with an Out-of-bounds Read vulnerability reported for builds prior to 2.3.0-DEV. The connected documents confirm the affected product/version and the issue type, but do not provide a remediation, patch version, or exploit details....