CVE-2021-3784

Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This...

PYSEC-2023-311

plone.namedfile allows users to handle File and Image fields targeting, but not depending on, Plone Dexterity content. Prior to versions 5.6.1, 6.0.3, 6.1.3, and 6.2.1, there is a stored cross site scripting vulnerability for SVG images. A security hotfix from 2021 already partially fixed this by...

Jedox 2020.2.5 Database Credential Disclosure

Exploit Title: Jedox 2020.2.5 - Disclosure of Database Credentials via Improper Access Controls Date: 28/04/2023 Exploit Author: Team Syslifters / Christoph MAHRL, Aron MOLNAR, Patrick PIRKER and Michael WEDL Vendor Homepage: https://jedox.com Version: Jedox 2020.2 20.2.5 and older CVE :...

Download Manager Pro < 6.3.0 - Unauthenticated Sensitive Information Disclosure

The plugin leaks master key information without the need for a password, allowing attackers to download arbitrary password-protected package files. - Create a password protected package containing one or more files. - Navigate to the download page of the package e.g. /download/package1 - Inspect...

CVE-2023-26083

creationtimestamp| type| source ---|---|--- 2023-04-06 20:27:19+00:00| seen| https://t.me/cibsecurity/61577 2023-04-11 15:15:35+00:00| seen| MISP/2d3ed23f-5aeb-49d0-8f55-2cad1cb7c4a4 2023-06-14 21:10:04+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2023-07-07 11:38:40+00:00| exploited|...

pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Exploit

Exploit Title: pimCore v5.4.18-skeleton - Sensitive Cookie with Improper SameSite Attribute Author: nu11secur1ty Vendor: https://pimcore.com/en Software: https://packagist.org/packages/pimcore/skeleton Reference:...

The vulnerability of the Exiv2 metadata management library commands, related to executing a loop with an unreachable exit condition, allows a hacker to cause a service failure.

The vulnerability of the Exiv2 metadata management library commands is related to the execution of a loop with an unreachable exit condition. Exploiting this vulnerability could allow a malicious actor to cause service failure by using a specially created image file...

CVE-2023-28338

Any request send to a Netgear Nighthawk Wifi6 Router RAX30's web service containing a “Content-Type” of “multipartboundary=” will result in the request body being written to “/tmp/mulipartFile” on the device itself. A sufficiently large file will cause device resources to be exhausted, resulting ...

CVE-2023-0025

SAP Solution Manager BSP Application - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources...

risheesh debutsav SQL注入漏洞

risheesh debutsav is a risheesh open source application. risheesh debutsav suffers from a SQL injection vulnerability. An attacker exploits this vulnerability to cause sql injection...

CVE-2022-3928

Hardcoded credential is found in affected products' message queue. An attacker that manages to exploit this vulnerability will be able to access data to the internal message queue. This issue affects FOXMAN-UN product: FOXMAN-UN R15B, FOXMAN-UN R15A, FOXMAN-UN R14B, FOXMAN-UN R14A, FOXMAN-UN R11B...

CVE-2022-28281

If a compromised content process sent an unexpected number of WebAuthN Extensions in a Register command to the parent process, an out of bounds write would have occurred leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird 91.8, Firefox 99, and...

CVE-2022-26579

PAX A930 device with PayDroid7.1.1VirgoV04.3.26T120210419 can allow a root privileged attacker to install unsigned packages. The attacker must have shell access to the device and gain root privileges in order to exploit this vulnerability...

Super Xray Code Issue Vulnerability

Super Xray is an excellent vulnerability scanning tool by 4ra1n individual developers. A code issue exists in versions of Super Xray prior to 0.7, which stems from a program configuration that confirms that trusted inputs will be stored in a yaml file, which can be exploited by an attacker with...

CVE-2022-44650

A memory corruption vulnerability in the Unauthorized Change Prevention service of Trend Micro Apex One and Apex One as a Service could allow a local attacker to elevate privileges on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on...

CVE-2022-20949

A vulnerability in the management web server of Cisco Firepower Threat Defense FTD Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...

CVE-2022-30579 TIBCO Spotfire Server Blind SSRF vulnerability

The Web Player component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace and TIBCO Spotfire Server contains a difficult to exploit vulnerability that allows a low privileged attacker with network access to execute blind Server Side Request Forgery SSRF on the affect...

Security Bulletin: Multiple Vulnerabilities in Expat component shipped with IBM Rational ClearCase ( CVE-2021-45960, CVE-2021-46143 )

Summary libexpat is a stream-oriented XML parser library used by IBM Rational ClearCase. IBM Rational ClearCase has addressed the applicable CVEs. Vulnerability Details CVEID:CVE-2021-46143 DESCRIPTION: Expat could allow a remote attacker to execute arbitrary code on the system, caused by an...

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition, related to deficiencies in the authentication process, allows attackers to circumvent existing security restrictions.

The vulnerability of the Git-based software platform for collaborative code development in GitLab Enterprise Edition is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to circumvent existing security restrictions when using trigger...

The vulnerability of Adobe InDesign’s computer layout automation tool, related to writing beyond the buffer in memory, allows a hacker to execute arbitrary code.

The vulnerability of Adobe InDesign’s computer layout automation tool is related to writing beyond the buffer boundaries in memory. Exploiting this vulnerability can allow an attacker to execute arbitrary code using specially created data...