
6839 matches found

CNNVD
added 2023/12/12 12:0 a.m. · 3 views

EnterpriseDB Postgres Advanced Server Security Vulnerability

EnterpriseDB Postgres Advanced Server (EPAS) is an application from EnterpriseDB, Inc. used to extend the functionality of Postgres databases. A security vulnerability exists in EnterpriseDB Postgres Advanced Server that originates from the inclusion of the publicly executable functions geturlastex...

6.5 CVSS · 6.5 AI score · 0.00084 EPSS
Exploits 0 · References 2

The Hacker News
added 2023/12/11 5:58 a.m. · 25 views

New PoolParty Process Injection Techniques Outsmart Top EDR Solutions

A new collection of eight process injection techniques, collectively dubbed PoolParty, could be exploited to achieve code execution in Windows systems while evading endpoint detection and response (EDR) systems. SafeBreach researcher Alon Leviev said the methods are "capable of working across all...

8.5 AI score
Exploits 0

WPVulnDB
added 2023/12/09 12:0 a.m. · 14 views

Structured Content < 1.6 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user...

6.5 CVSS · 5.7 AI score · 0.00181 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/12/05 6:15 a.m. · 9 views

CVE-2023-37572

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSFdiscovery service. The service executable could be changed or the service could be deleted...

7.5 CVSS · 0.0021 EPSS
Exploits 0 · References 1

Prion
added 2023/12/05 6:15 a.m. · 12 views

Design/Logic Flaw

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSFdiscovery service. The service executable could be changed or the service could be deleted...

5 CVSS · 6.7 AI score · 0.0021 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2023/12/05 12:0 a.m. · 2 views

PT-2023-33072 · Lxd · Lxd

Name of the Vulnerable Software and Affected Versions: LXD affected versions not specified Description: A security issue allows users with restricted access to a project to gain root access on the system by creating a disk device with shift=true and creating a setuid root executable. This is...

7.2 AI score
Exploits 0 · References 5

Cvelist
added 2023/12/05 12:0 a.m. · 13 views

CVE-2023-37572

Softing OPC Suite version 5.25 and before has Incorrect Access Control, allows attackers to obtain sensitive information via weak permissions in OSFdiscovery service. The service executable could be changed or the service could be deleted...

7.5 AI score · 0.0021 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/12/04 12:0 a.m. · 4 views

PT-2023-21833 · Qualcomm · Qualcomm Chipsets

Name of the Vulnerable Software and Affected Versions: Qualcomm Chipsets affected versions not specified Description: The issue concerns information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. Recommendations: At the moment, there is...

6.5 CVSS · 6.8 AI score · 0.00039 EPSS
Exploits 0 · References 6

NVD
added 2023/12/01 2:15 p.m. · 12 views

CVE-2023-5637

Unrestricted Upload of File with Dangerous Type vulnerability in ArslanSoft Education Portal allows Read Sensitive Strings Within an Executable. This issue affects Education Portal: before v1.1...

7.5 CVSS · 0.00235 EPSS
Exploits 0 · References 2

CVE
added 2023/12/01 1:33 p.m. · 36 views

CVE-2023-5637

ArslanSoft Education Portal (before v1.1) is affected by CVE-2023-5637 due to an Unrestricted Upload of File with Dangerous Type vulnerability, which allows reading sensitive strings within an executable. The issue is described as a code issue in the Education Portal prior to v1.1. Exploitation d...

7.5 CVSS · 7.1 AI score · 0.00235 EPSS
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2023/12/01 12:0 a.m. · 4 views

PT-2023-32228

Name of the Vulnerable Software and Affected Versions ArslanSoft Education Portal versions prior to 1.1 Description The issue allows for the unrestricted upload of files with dangerous types, enabling the reading of sensitive strings within an executable. Recommendations For versions prior to 1.1...

7.5 CVSS · 7.1 AI score · 0.00235 EPSS
Exploits 0 · References 7

CNNVD
added 2023/12/01 12:0 a.m. · 2 views

ArslanSoft Education Portal Code Issue Vulnerability

ArslanSoft Education Portal is an education portal from ArslanSoft, Inc. A code issue vulnerability exists in versions prior to ArslanSoft Education Portal v1.1 that stems from the presence of a file upload vulnerability. An attacker can use this vulnerability to read sensitive characters in an...

7.5 CVSS · 6.9 AI score · 0.00235 EPSS
Exploits 0 · References 1

OSV
added 2023/11/25 5:0 p.m. · 0 views

UBUNTU-CVE-2023-47039

A vulnerability was found in Perl. This security issue occurs while Perl for Windows relies on the system path environment variable to find the shell cmd.exe. When running an executable that uses the Windows Perl interpreter, Perl attempts to find and execute cmd.exe within the operating system...

7.8 CVSS · 7.5 AI score · 0.0008 EPSS
Exploits 0 · References 2

OSV
added 2023/11/23 3:15 p.m. · 2 views

CVE-2023-41812

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773...

8.8 CVSS · 5.8 AI score · 0.0004 EPSS
Exploits 0 · References 1

NVD
added 2023/11/23 3:15 p.m. · 7 views

CVE-2023-41812

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773...

8.8 CVSS · 0.0004 EPSS
Exploits 0 · References 1

Cvelist
added 2023/11/23 2:58 p.m. · 12 views

CVE-2023-41812 Uploading executables via the file manager

Unrestricted Upload of File with Dangerous Type vulnerability in Pandora FMS on all allows Accessing Functionality Not Properly Constrained by ACLs. This vulnerability allowed PHP executable files to be uploaded through the file manager. This issue affects Pandora FMS: from 700 through 773...

5.7 CVSS · 8.8 AI score · 0.0004 EPSS
Exploits 0 · References 1

CVE
added 2023/11/23 2:58 p.m. · 37 views

CVE-2023-41812

Summary: Pandora FMS is affected by an unrestricted upload of files with dangerous types vulnerability (PHP executables) via the file manager, due to access to a function not properly constrained by ACLs. This affects Pandora FMS versions 700 through 773. Affected component: Pandora FMS file mana...

8.8 CVSS · 7 AI score · 0.0004 EPSS
Exploits 0 · References 1 · Affected Software 1

NVD
added 2023/11/22 10:15 p.m. · 13 views

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

8.8 CVSS · 0.01715 EPSS
Exploits 1 · References 2

ATTACKERKB
added 2023/11/22 10:15 p.m. · 2 views

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

8.8 CVSS · 6.5 AI score · 0.01715 EPSS
Exploits 1 · References 3

OSV
added 2023/11/22 10:15 p.m. · 89 views

CVE-2023-49102

NZBGet 21.1 allows authenticated remote code execution because the unarchive programs 7za and unrar preserve executable file permissions. An attacker with the Control capability can execute a file by setting the value of SevenZipCommand or UnrarCmd. NOTE: This vulnerability only affects products...

8.8 CVSS · 7.8 AI score
Exploits 0 · References 2