85 matches found
CVE-2026-27694 traccar allows stored HTML injection in notification emails
Traccar is an open source GPS tracking system. In org.traccar:traccar versions starting at 6.11.1 before 6.13.0, the email notification templates insert user-controlled device, geofence, and driver names into HTML email output without proper escaping. An attacker with low privileges can store...
EUVD-2021-21292
Malware in sbrugna...
EUVD-2008-1628
Malware in sbrugna...
CVE-2024-31946
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript,...
[SECURITY] Fedora 40 Update: zabbix-6.0.39-1.fc40
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
[SECURITY] Fedora 42 Update: zabbix-7.2.5-1.fc42
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
IBM OpenPages with Watson 安全漏洞
IBM OpenPages with Watson is an AI-powered financial risk analytics solution from International Business Machines IBM. The platform is based on AI technology to predict risk factors and minimize risk in financial activities by integrating, automatically identifying, measuring, monitoring,...
[SECURITY] Fedora 40 Update: zabbix-6.0.33-1.fc40
Zabbix is software that monitors numerous parameters of a network and the health and integrity of servers. Zabbix uses a flexible notification mechanism that allows users to configure e-mail based alerts for virtually any event. This allows a fast reaction to server problems. Zabbix offers...
CVE-2024-31946
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript,...
CVE-2024-31946
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript,...
Stormshield Network Security Security Vulnerabilities
Stormshield Network Security SNS is a next-generation UTM Unified Threat Management firewall from the French company Stormshield. A security vulnerability exists in Stormshield Network Security SNS that stems from the ability of a user with write access on an email alert page to run malicious cod...
CVE-2024-31946
An issue was discovered in Stormshield Network Security SNS 3.7.0 through 3.7.41, 3.10.0 through 3.11.29, 4.0 through 4.3.24, and 4.4.0 through 4.7.4. A user who has access to the SNS with write access on the email alerts page has the ability to create alert email containing malicious JavaScript,...
CVE-2024-31946
CVE-2024-31946 affects Stormshield Network Security (SNS). A user with write access to the SNS email alerts page can craft an alert email containing malicious JavaScript that is executed in the template preview. Affected versions include 3.7.0–3.7.41, 3.10.0–3.11.29, 4.0–4.3.24, and 4.4.0–4.7.4. ...
PT-2024-24310 · Stormshield · Stormshield Network Security
Name of the Vulnerable Software and Affected Versions: Stormshield Network Security SNS versions 3.7.0 through 3.7.41 Stormshield Network Security SNS versions 3.10.0 through 3.11.29 Stormshield Network Security SNS versions 4.0 through 4.3.24 Stormshield Network Security SNS versions 4.4.0 throu...
How to Configure XenServer to Send System Alerts through Authenticated SMTP Servers
This article describes how to configure XenServer to send system alerts through SMTP servers that require authentication. Requirements Administrative access to a XenServer host console either directly, through SSH, or by using theConsoletab in XenCenter. Background Customers can configure XenServ...
CVE-2024-38351 Password auth and OAuth2 unverified email linking
Pocketbase is an open source web backend written in go. In affected versions a malicious user may be able to compromise other user accounts. In order to be exploited users must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: 1. a malicious actor register...
CVE-2023-35861
A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject execute arbitrary commands as root on the BMC...
CVE-2023-35861
A shell-injection vulnerability in email notifications on Supermicro motherboards such as H12DST-B before 03.10.35 allows remote attackers to inject execute arbitrary commands as root on the BMC...
CVE-2023-32659
SUBNET PowerSYSTEM Center versions 2020 U10 and prior contain a cross-site scripting vulnerability that may allow an attacker to inject malicious code into report header graphic files that could propagate out of the system and reach users who are subscribed to email notifications...
Grafana 安全漏洞
Grafana is Grafana open source set of open source monitoring tools that provide a visual monitoring interface . The tool is mainly used to monitor and analyze Graphite, InfluxDB and Prometheus and so on. A security vulnerability exists in Grafana versions prior to 9.4.12, 9.5.3, and 9.5.3. The...