6323 matches found
Cross site scripting
Cross Site Scripting XSS vulnerability in Netbox 3.5.1, allows attackers to execute arbitrary code via Name field in device-roles/add function...
CVE-2023-38886
An issue in Dolibarr ERP CRM v.17.0.1 and before allows a remote privileged attacker to execute arbitrary code via a crafted command/script...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
CVE-2023-42362
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file...
CVE-2023-42362
An arbitrary file upload vulnerability in Teller Web App v.4.4.0 allows a remote attacker to execute arbitrary commands and obtain sensitive information via uploading a crafted file...
CVE-2023-40868
Cross Site Request Forgery vulnerability in mooSocial MooSocial Software v.Demo allows a remote attacker to execute arbitrary code via the Delete Account and Deactivate functions...
CVE-2023-36250
CSV Injection vulnerability in GNOME time tracker version 3.0.2, allows local attackers to execute arbitrary code via crafted .tsv file when creating a new record...
CVE-2023-39070
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
USN-6164-2: c-ares vulnerabilities
USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Original advisory details: Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares ...
CVE-2023-39070
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
CVE-2023-39070
An issue in Cppcheck 2.12 dev allows a local attacker to execute arbitrary code via the removeContradiction parameter in token.cpp:1934...
Security Bulletin: There is a vulnerabiliy in SQLite JDBC used by IBM Maximo Asset Management (CVE-2023-32697)
Summary There is a vulnerabiliy in SQLite JDBC used by IBM Maximo Asset Management. Vulnerability Details CVEID:CVE-2023-32697 DESCRIPTION: SQLite JDBC could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw when JDBC url is attacker controlled. By...
CVE-2023-38485
Vulnerabilities exist in the BIOS implementation of Aruba 9200 and 9000 Series Controllers and Gateways that could allow an attacker to execute arbitrary code early in the boot sequence. An attacker could exploit this vulnerability to gain access to and change underlying sensitive information in...
CVE-2023-3472
Panasonic KW Watcher software contains a use-after-free vulnerability (CVE-2023-3472) affecting versions 1.00 through 2.82. The issue may allow an attacker to execute arbitrary code when a crafted configuration file is processed. Public sources consistently describe impact as arbitrary code execu...
KLA59908 Multiple vulnerabilities in Google Chrome
Multiple vulnerabilities were found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, spoof user interface, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Out of bounds memory access vulnerability in FedCM can be exploited to...
Medium: spice-protocol
Issue Overview: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code. CVE-2018-10893 Affected Packages: spice-protocol Note: This advisory...
CVE-2023-40980
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...
CVE-2023-40980
File Upload vulnerability in DWSurvey DWSurvey-OSS v.3.2.0 and before allows a remote attacker to execute arbitrary code via the saveimage method and savveFile in the action/UploadAction.java file...
Cross site scripting
A cross-site scripting XSS vulnerability in General Solutions Steiner GmbH CASE 3 Taskmanagement V 3.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the executionBlockName parameter...
Cross site scripting
Cross Site Scripting Vulnerability in BluditCMS v.3.14.1 allows attackers to execute arbitrary code via the Categories Friendly URL...