CVE-2023-23314

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

CVE-2023-23314

An arbitrary file upload vulnerability in the /api/upload component of zdir v3.2.0 allows attackers to execute arbitrary code via a crafted .ssh file...

Code injection

An issue was discovered in Electerm 1.3.22, allows attackers to execute arbitrary code via unverified request to electerms service...

XpressEngine vulnerable to Unrestricted Upload of File with Dangerous Type

When uploading an image file to a bulletin board developed with XpressEngine, a vulnerability in which an arbitrary file can be uploaded due to insufficient verification of the file. A remote attacker can use this vulnerability to execute arbitrary code on the server where the bulletin board is...

CVE-2023-23012

Cross Site Scripting XSS vulnerability in craigrodway classroombookings 2.6.4 allows attackers to execute arbitrary code or other unspecified impacts via the input bgcol in file Weeks.php...

Ubuntu: Security Advisory (USN-5809-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

KLA20163 Multiple vulnerabilities in Microsoft Browser

Multiple vulnerabilities were found in Microsoft Browser. Malicious users can exploit these vulnerabilities to cause denial of service, gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Implementation vulnerability in File System API can be exploited to caus...

USN-5799-1: Linux kernel (OEM) vulnerability

Kyle Zeng discovered that the sysctl implementation in the Linux kernel contained a stack-based buffer overflow. A local attacker could use this to cause a denial of service system crash or execute arbitrary code...

CVE-2022-46610

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

CVE-2022-46610

CVE-2022-46610 affects 72crm v9. The issue is an arbitrary file upload via the avatar upload function, allowing execution of crafted PHP code. Underlying cause: improper handling of uploaded files in the avatar feature (no details on root cause beyond the description). Impact per sources: potenti...

Mozilla Thunderbird Security Advisory (MFSA2020-26) - Windows

Mozilla Thunderbird is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mozilla:thunderbird";...

CVE-2022-46610

72crm v9 was discovered to contain an arbitrary file upload vulnerability via the avatar upload function. This vulnerability allows attackers to execute arbitrary code via a crafted PHP file...

Security Bulletin: B2B API of IBM Sterling B2B Integrator is vulnerable to multiple issues due to FasterXML jackson-databind

Summary IBM Sterling B2B Integrator has addressed the security vulnerabilities in jackson-databind in B2B API. Vulnerability Details CVEID:CVE-2019-20330 DESCRIPTION: A lacking of certain net.sf.ehcache blocking in FasterXML jackson-databind has an unknown impact and attack vector. CVSS Base scor...

USN-5787-2: Libksba vulnerability

USN-5787-1 fixed vulnerabilities in Libksba. This update provides the corresponding updates for Ubuntu 16.04 ESM and Ubuntu 14.04 ESM. Original advisory details: It was discovered that Libksba incorrectly handled parsing CRL signatures. A remote attacker could use this issue to cause Libksba to...

Ubuntu: Security Advisory (USN-5788-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu: Security Advisory (USN-5787-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Bulletin: IBM Content Navigator is affected by Apache Commons Text due to IBM Content Manager onDemand connector [CVE-2022-42889]

Summary Apache Commons Text is used by IBM Content Navigator on container as part of the IBM Content Manager onDemand connector. CVE-2022-42889 The vulnerability has been addressed. Vulnerability Details CVEID:CVE-2022-42889 DESCRIPTION: Apache Commons Text could allow a remote attacker to execut...

TRENDnet TEW-755AP stack overflow vulnerability (CNVD-2023-18945)

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the updatefilename parameter of the autoupfw sub420A04 function, which can be exploited by an attacker to execute arbitrary...

TRENDnet TEW-755AP stack overflow vulnerability (CNVD-2023-18948)

The TRENDnet TEW-755AP is a router from TRENDnet. The TRENDnet TEW-755AP suffers from a stack overflow vulnerability that stems from a lack of size checking of input data in the REMOTEUSER parameter of the getaccess sub45AC2C function, which can be exploited by an attacker to execute arbitrary co...

USN-5784-1: usbredir vulnerability

It was discovered that usbredir incorrectly handled memory when serializing large amounts of data in the case of a slow or blocked destination. An attacker could possibly use this issue to cause applications using usbredir to crash, resulting in a denial of service, or possibly execute arbitrary...