CVE-2023-32301 Discourse's canonical url not being used for topic embeddings
Discourse is an open source discussion platform. Prior to version 3.0.4 of the stable branch and version 3.1.0.beta5 of the beta and tests-passed branches, multiple duplicate topics could be created if topic embedding is enabled. This issue is patched in version 3.0.4 of the stable branch and...
PT-2023-23712 · Discourse · Discourse
Name of the Vulnerable Software and Affected Versions: Discourse versions prior to 3.0.4 Discourse version 3.1.0.beta5 and earlier in the beta and tests-passed branches Description: Discourse is an open source discussion platform. Multiple duplicate topics could be created if topic embedding is...
Discourse security vulnerability
Discourse is an open source community discussion platform. The platform includes features such as communities, email and chat rooms. A security vulnerability exists in Discourse versions prior to 3.0.4 stable, 3.1.0.beta5 and prior to 3.1.0.beta5, which stems from the possibility that multiple...
Yank Note 3.52.1 Arbitrary Code Execution
Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...
Yank Note v3.52.1 (Electron) - Arbitrary Code Execution
Exploit Title: Yank Note v3.52.1 Electron - Arbitrary Code Execution Date: 2023-04-27 Exploit Author: 8bitsec CVE: CVE-2023-31874 Vendor Homepage: yank-note.com Software Link: https://github.com/purocean/yn Version: 3.52.1 Tested on: Ubuntu 22.04 | Mac OS 13 Release Date: 2023-04-27 Product &...
PT-2023-21779 · Ibm · Ibm Infosphere Information Server
Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials disclosure within a trusted sessio...
PT-2023-21774 · Ibm · Ibm Planning Analytics Local
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local version 2.0 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
The vulnerability of the Windows OLE operating system technology, which allows a hacker to execute arbitrary code.
The vulnerability of the Windows OLE operating system is related to synchronization errors when using a shared resource. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Microsoft Windows OLE security vulnerability
Microsoft OLE DB Provider for SQL Server is an API from Microsoft Corporation USA that allows access to data from a variety of sources in a unified way. A security vulnerability exists in Microsoft Windows OLE. The following products and editions are affected: Windows 10 Version 1809 for 32-bit...
PT-2023-2626 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in synchronization when using a shared resource in the Windows OLE technology, which can be exploited by a remote attacker to execute arbitrary code. This...
The vulnerability of ODBC and OLE DB drivers in the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of ODBC and OLE DB drivers in the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system allows a hacker to execute arbitrary code.
The vulnerability of the OLE DB driver for SQL Server on the Windows operating system exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...
CVE-2023-2226
Insufficient validation in the PE and OLE parsers in Rapid7's Velociraptor versions earlier than 0.6.8 allows an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed, the attacker needs to be able to introduce malicious files to the system a...
Velocidex Velociraptor buffer error vulnerability
Velocidex Velociraptor is a tool from Velocidex Australia that uses Velociraptor Query Language VQL queries to gather host-based state information. A security vulnerability exists in Velocidex Velociraptor versions prior to 0.6.8 that stems from insufficient validation of the PE and OLE parsers,...
PT-2023-18387 · Unknown · Velociraptor
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.6.8 Description: The issue is caused by insufficient validation in the PE and OLE parsers, allowing an attacker to crash Velociraptor during parsing of maliciously malformed files. For this attack to succeed,...
Discourse cross-site scripting vulnerability
Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. Discourse suffers from a cross-site scripting vulnerability that originates from allowing embedding of JavaScript via CSP, leading to user session hijacking. Affected product...
Pakistan-based Transparent Tribe Hackers Targeting Indian Educational Institutions
The Transparent Tribe threat actor has been linked to a set of weaponized Microsoft Office documents in intrusions directed against the Indian education sector to deploy a continuously maintained piece of malware called Crimson RAT. While the suspected Pakistan-based threat group is known to targ...
CVE-2023-23375
Microsoft ODBC and OLE DB Remote Code Execution Vulnerability...
CVE-2023-23375 Microsoft ODBC and OLE DB Remote Code Execution Vulnerability
...