938 matches found
CVE-2023-36006
Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability...
CVE-2023-42479
An unauthenticated attacker can embed a hidden access to a Biller Direct URL in a frame which, when loaded by the user, will submit a cross-site scripting request to the Biller Direct system. This can result in the disclosure or modification of non-sensitive information...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Imagemagick
Fixed version of CVE-2022-44268 Some PoCs don't work for spec...
What Is The Cyber Kill Chain? Process & Model
Grasping the Fundamentals: A Study of the Cyber Harm Ladder Navigating the multifaceted universe of cybersecurity is similar to solving an evolving labyrinth. This world is awash with intricate principles and techniques; with the Cyber Harm Ladder gaining increasing focus in recent times. But, wh...
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems allows a hacker to execute arbitrary code.
The vulnerability of the WDAC OLE DB driver for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
Cookies are sent to external images in rendered diff (and server side request forgery)
Impact The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that...
GHSA-7RFG-6273-F5WP Cookies are sent to external images in rendered diff (and server side request forgery)
Impact The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that...
Server side request forgery (ssrf)
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other...
CVE-2023-48240 XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other...
CVE-2023-48240 XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other...
CVE-2023-47121
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
Server side request forgery (ssrf)
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
CVE-2023-47121 Discourse SSRF vulnerability in Embedding
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
CVE-2023-47121 Discourse SSRF vulnerability in Embedding
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
CVE-2023-47121 Discourse SSRF vulnerability in Embedding
Discourse is an open source platform for community discussion. Prior to version 3.1.3 of the stable branch and version 3.2.0.beta3 of the beta and tests-passed branches, the embedding feature is susceptible to server side request forgery. The issue is patched in version 3.1.3 of the stable branch...
PT-2023-30325 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.1.3 Discourse version 3.2.0.beta3 and earlier in the beta and tests-passed branches Description: Discourse is an open source platform for community discussion. The embedding feature is susceptible to server side...
Discourse Security Breach
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse prior to version 3.1.3, which stems from the fact that the embedding functionality is susceptible to server-side request forgery...
The vulnerability of the WDAC OLE DB component for SQL Server on Windows operating systems allows a perpetrator to execute arbitrary code.
The vulnerability of the WDAC OLE DB component for SQL Server on Windows operating systems is related to insufficient validation of input data. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
PT-2023-5971 · Microsoft · Sql Server
Name of the Vulnerable Software and Affected Versions: Microsoft SQL Server affected versions not specified Description: The issue is related to insufficient input validation in the OLE DB driver for Microsoft SQL Server, which can be exploited to execute arbitrary code. This allows an attacker t...
PT-2023-27599 · Ibm · Daeja Viewone Virtual +1
Name of the Vulnerable Software and Affected Versions: IBM Content Navigator versions 3.0.11 through 3.0.14 with IBM Daeja ViewOne Virtual Description: This issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to...