275 matches found
GHSA-CVGC-MX2W-H3W8 The Front End User Registration extension for TYPO3 (sr_feuser_register) allows Insecure Direct Object Reference
The srfeuserregister extension through 12.4.8 for TYPO3 allows Insecure Direct Object Reference. This allows attackers to read arbitrary files...
CVE-2023-5964
The 1E-Exchange-DisplayMessageinstruction that is part of the End-User Interaction product pack available on the 1E Exchange does not properly validate the Caption or Message parameters, which allows for a specially crafted input to perform arbitrary code execution with SYSTEM permissions. This...
Citrix End User Experience Monitoring service fails to start on the VDA
Citrix End User Experience Monitoring service fails to start. When you try to start the service manually you get the error: service started and then stopped. CDF trace from the VDA shows the event: SemsController,NotMetricRelated Failed to start with exception: System.Security.SecurityException:...
UBUNTU-CVE-2022-49761
In the Linux kernel, the following vulnerability has been resolved: btrfs: always report error in runonedelayedref Currently we have a btrfsdebug for runonedelayedref failure, but if end users hit such problem, there will be no chance that btrfsdebug is enabled. This can lead to very little usefu...
CVE-2024-10719
CVE-2024-10719 affects phpipam 1.5.2, with a stored XSS in the circuits options feature. The vulnerability allows injecting malicious scripts via the option parameter in POST requests to /phpipam/app/admin/circuits/edit-options-submit.php, which can execute in the user’s browser and potentially l...
CVE-2024-11293 Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login <= 1.7.9 - Authentication Bypass via WordPress.com OAuth provider
The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.7.9. This is due to insufficient...
CVE-2023-52268
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...
CVE-2023-52268
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...
CVE-2023-52268
The End-User Portal module before 1.0.65 for FreeScout sometimes allows an attacker to authenticate as an arbitrary user because a session token can be sent to the /auth endpoint. NOTE: this module is not part of freescout-helpdesk/freescout on GitHub...
CVE-2023-52268
CVE-2023-52268 affects the FreeScout End-User Portal module pre-1.0.65. The root cause is improper session token handling at the /auth endpoint, enabling an attacker to authenticate as arbitrary users and impersonate them to access their tickets. Impact is high confidentiality/integrity loss with...
Exploit for CVE-2023-52268
FreeScout End-User Portal Authentication Bypass Exploit CVE-2...
PT-2024-14501 · Unknown · Freescout End-User Portal
Name of the Vulnerable Software and Affected Versions: FreeScout End-User Portal module versions prior to 1.0.65 Description: The issue allows an attacker to authenticate as an arbitrary user because a session token can be sent to the "/auth" endpoint. Recommendations: For versions prior to 1.0.6...
apache-avro: Schema parsing may trigger Remote Code Execution (RCE)
A vulnerability was found in Apache Avro. The project is affected and at risk if it accepts an org.apache.Avro/avroAvro schema for parsing provided by an end user. This flaw allows an attacker to trigger remote code execution by using the special "java-class" attribute...
CVE-2024-47122
In the goTenna Pro App, the encryption keys are stored along with a static IV on the End User Device EUD. This allows for complete decryption of keys stored on the EUD if physically compromised. This allows an attacker to decrypt all encrypted broadcast communications based on encryption keys...
This Windows PowerShell Phish Has Scary Potential
ManyGitHub users this week received a novel phishing email warning of critical security holes in their code. Those who clicked the link for details were asked to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing...
PT-2024-39177 · Palo Alto Networks · Pan-Os
Name of the Vulnerable Software and Affected Versions: Palo Alto Networks PAN-OS affected versions not specified Description: An information exposure issue exists in the software, allowing a GlobalProtect end user to obtain the configured GlobalProtect uninstall password and the configured disabl...
Atlassian Confluence 7.20.x < 8.5.14 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.26, 7.20.x prior to 8.5.14, 8.6.x prior to 8.9.5 or 9.0.x prior to 9.0.1. It is, therefore, affected by a reflected Cross-Site Scripting XSS and a CSRF Cross-Site Reques...
Atlassian Confluence 9.0.x < 9.0.1 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.26, 7.20.x prior to 8.5.14, 8.6.x prior to 8.9.5 or 9.0.x prior to 9.0.1. It is, therefore, affected by a reflected Cross-Site Scripting XSS and a CSRF Cross-Site Reques...
CVE-2024-5786 Cross-Site Request Forgery vulnerability in Comtrend router
Cross-Site Request Forgery vulnerability in Comtrend router WLD71-T1v2.0.201820, affecting the GRG-4280us version. This vulnerability allows an attacker to force an end user to execute unwanted actions in a web application to which he is authenticated...
CVE-2023-37539
The Domino Catalog template is susceptible to a Stored Cross-Site Scripting XSS vulnerability. An attacker with the ability to edit documents in the catalog application/database created from this template can embed a cross site scripting attack. The attack would be activated by an end user clicki...