6323 matches found

IBM Security Bulletins
added 2024/07/29 2:30 p.m. · 179 views

Security Bulletin: IBM HTTP Server is vulnerable to multiple vulnerabilities due to the included Apache HTTP Server

Summary: There are multiple vulnerabilities in the IBM HTTP Server, which is used by IBM WebSphere Application Server, due to the included Apache HTTP Server. Vulnerability Details: CVEID: CVE-2024-38472. DESCRIPTION: Apache HTTP Server is vulnerable to server-side request forgery, caused by improper...

CVSS 9.8 · AI score 10 · EPSS 0.99957
Exploits: 3 · Affected Software: 1

Zero Day Initiative
added 2024/07/29 12:0 a.m. · 9 views

(0Day) VIPRE Advanced Security Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of VIPRE Advanced Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the Anti...

CVSS 7.8 · AI score 7.2 · EPSS 0.00387
Exploits: 0

CVE
added 2024/07/25 12:0 a.m. · 62 views

CVE-2024-40318

CVE-2024-40318 is an arbitrary file upload vulnerability in Webkul Qloapps v1.6.0.0 that enables remote code execution. The root cause involves bypassing file upload restrictions via crafted uploads, with the Red Hat/NVD OSV entries and PT Security notes corroborating a code-execution outcome. Im...

CVSS 7.2 · AI score 7.8 · EPSS 0.01183
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2024/07/22 7:15 p.m. · 20 views

CVE-2024-38944

An issue in Intelight X-1L Traffic controller Maxtime v.1.9.6 allows a remote attacker to execute arbitrary code via the /cgi-bin/generateForm.cgi?formID=142 component...

CVSS 9.8 · EPSS 0.02368
Exploits: 2 · References: 1

CVE
added 2024/07/22 12:0 a.m. · 58 views

CVE-2024-6963

The CVE-2024-6963 issue affects Tenda O3 version 1.0.0.10, in the formexeCommand function where manipulating the cmdinput parameter causes a stack-based buffer overflow. This can be triggered remotely and an exploit has been disclosed publicly. No patch details are provided in the sources; a prac...

CVSS 9 · AI score 7 · EPSS 0.01333
Exploits: 1 · References: 4 · Affected Software: 1

OSV
added 2024/07/19 9:31 p.m. · 12 views

GHSA-47MC-QMH2-MQJ4 Automad arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file. The malicious file has to be prepared and uploaded manually by the admin. Usually there is only one admin per site and that is the owner...

CVSS 8.7 · AI score 8.9 · EPSS 0.00812
Exploits: 1 · References: 4

NVD
added 2024/07/19 8:15 p.m. · 31 views

CVE-2024-41597

Cross Site Request Forgery vulnerability in ProcessWire v.3.0.229 allows a remote attacker to execute arbitrary code via a crafted HTML file to the comments functionality...

CVSS 4.2 · EPSS 0.00241
Exploits: 1 · References: 1

Vulnrichment
added 2024/07/19 12:0 a.m. · 16 views

CVE-2024-40400

An arbitrary file upload vulnerability in the image upload function of Automad v2.0.0 allows attackers to execute arbitrary code via a crafted file...

AI score 8 · EPSS 0.00812
Exploits: 1 · References: 1

CVE
added 2024/07/19 12:0 a.m. · 49 views

CVE-2024-40400

CVE-2024-40400 is an arbitrary file upload vulnerability in Automad v2.0.0’s image upload function. The underlying issue allows an attacker to upload a crafted file and execute arbitrary code on the server. CVSSv3.1 base metrics indicate network access, low attack complexity, and required privile...

CVSS 8.8 · AI score 7.8 · EPSS 0.00812
Exploits: 1 · References: 1 · Affected Software: 1

NVD
added 2024/07/17 5:15 p.m. · 27 views

CVE-2024-20296

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to upload arbitrary files to an affected device. To exploit this vulnerability, an attacker would need at least valid Policy Admin credentials on the affected...

CVSS 7.2 · EPSS 0.00471
Exploits: 0 · References: 1

IBM Security Bulletins
added 2024/07/17 2:49 p.m. · 62 views

Security Bulletin: IBM MaaS360 Cloud Extender VPN Module affected by vulnerability (CVE-2024-4741)

Summary: A vulnerability contained within OpenSSL, a 3rd party component, was addressed in the IBM MaaS360 VPN Module. Vulnerability Details: CVEID: CVE-2024-4741. DESCRIPTION: OpenSSL could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw in the...

CVSS 7.5 · AI score 7.8 · EPSS 0.02945
Exploits: 0 · Affected Software: 1

Positive Technologies
added 2024/07/17 12:0 a.m. · 8 views

PT-2024-4846 · Cisco · Cisco Secure Email Gateway

Name of the Vulnerable Software and Affected Versions: Cisco Secure Email Gateway (affected versions not specified). Description: A vulnerability in the content scanning and message filtering features could allow an unauthenticated, remote attacker to overwrite arbitrary files on the underlying...

CVSS 10 · AI score 7.6 · EPSS 0.02278
Exploits: 0 · References: 8

Cvelist
added 2024/07/16 12:0 a.m. · 21 views

CVE-2024-40516

An issue in H3C Technologies Co., Limited H3C Magic RC3000 RC3000V100R009 allows a remote attacker to execute arbitrary code via the Routing functionality...

EPSS 0.0033
Exploits: 0 · References: 1

OpenVAS
added 2024/07/16 12:0 a.m. · 17 views

Ubuntu: Security Advisory (USN-6897-1)

The remote host is missing an update for the...

CVSS 8.8 · AI score 6.3 · EPSS 0.01446
Exploits: 0 · References: 2

Tenable Nessus
added 2024/07/15 12:0 a.m. · 31 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Ghostscript vulnerabilities (USN-6897-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6897-1 advisory. It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue t...

CVSS 8.8 · AI score 6.7 · EPSS 0.01446
Exploits: 0 · References: 6

NVD
added 2024/07/12 4:15 p.m. · 14 views

CVE-2024-40545

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/doUpload of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 8.8 · EPSS 0.00661
Exploits: 1 · References: 1

NVD
added 2024/07/12 4:15 p.m. · 16 views

CVE-2024-40548

An arbitrary file upload vulnerability in the component /admin/cmsTemplate/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 8.8 · EPSS 0.00667
Exploits: 1 · References: 1

NVD
added 2024/07/12 4:15 p.m. · 21 views

CVE-2024-40546

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

CVSS 8.8 · EPSS 0.00721
Exploits: 1 · References: 1

IBM Security Bulletins
added 2024/07/12 9:46 a.m. · 21 views

Security Bulletin: pdfmake vulnerability affect IBM Spectrum Control

Summary: Vulnerability in pdfmake could allow a remote attacker to execute arbitrary code on the system, which could affect IBM Spectrum Control. CVE-2024-25180. Vulnerability Details: CVEID: CVE-2024-25180. DESCRIPTION: pdfmake could allow a remote attacker to execute arbitrary code on the system,...

CVSS 9.8 · AI score 9.9 · EPSS 0.01024
Exploits: 2 · Affected Software: 1

Vulnrichment
added 2024/07/12 12:0 a.m. · 14 views

CVE-2024-40546

An arbitrary file upload vulnerability in the component /admin/cmsWebFile/save of PublicCMS v4.0.202302.e allows attackers to execute arbitrary code via uploading a crafted file...

AI score 7.8 · EPSS 0.00721
Exploits: 1 · References: 1