5046 matches found
CVE-2022-39062
A vulnerability has been identified in SICAM TOOLBOX II (All versions < V07.10). Affected applications do not properly set permissions for product folders. This could allow an authenticated attacker with low privileges to replace DLLs and conduct a privilege escalation...
CVE-2022-48579
UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains...
OESA-2023-1473 qemu security update
QEMU is a FAST! processor emulator using dynamic translation to achieve good emulation speed. Security Fixes: A flaw was found in the QEMU Guest Agent service for Windows. A local unprivileged user may be able to manipulate the QEMU Guest Agent's Windows installer via repair custom actions to...
CVE-2023-4139 WP Ultimate CSV Importer <= 7.9.8 - Sensitive Information Exposure via Directory Listing
The WP Ultimate CSV Importer plugin for WordPress is vulnerable to Sensitive Information Exposure via Directory Listing due to missing restriction in export folder indexing in versions up to, and including, 7.9.8. This makes it possible for unauthenticated attackers to list and view exported file...
WordPress plugin WP Ultimate CSV Importer Information Disclosure Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
FAQ: How does Malwarebytes ransomware rollback work?
As the old cybersecurity saying goes: "It's not if, but when." Everyone and their grandma have repeated this foreboding maxim about the nature of ransomware attacks, but sadly, that doesn't make it any less true. Time and again we're reminded that ransomware can slip past even the best defenses...
Cross-site Scripting (XSS)
nilsteampassnet/teampass is vulnerable to Cross-site Scripting (XSS). The vulnerability exists because the library does not properly encode or escape outputs, allowing an attacker to inject and execute malicious JavaScript through the index.php?page=folders endpoint when creating a new folder...
Vasion PrinterLogic Client Security Vulnerability
Vasion PrinterLogic Client is a print management solution from Vasion. A security vulnerability exists in Vasion PrinterLogic Client Windows versions prior to 25.0.0.818, which stems from a binary file that can be executed from a subfolder in C:\Windows\Temp during installation...
PT-2023-23675 · Vasion · Vasion Printerlogic Client
Name of the Vulnerable Software and Affected Versions: Vasion PrinterLogic Client for Windows versions prior to 25.0.0.818. Description: An issue was discovered in the Vasion PrinterLogic Client for Windows. During installation, binaries are executed out of a subfolder in C:\Windows\Temp. A standard...
QWE DL v2.0.1 iOS - Persistent Cross Site Vulnerability
Document Title: QWE DL v2.0.1 iOS - Persistent Cross Site Vulnerability; References (Source): https://www.vulnerability-lab.com/getcontent.php?id=2326 ; Release Date: 2023-07-23; Vulnerability Laboratory ID (VL-ID): ...
PT-2023-25222 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.0.10 Description: The issue is related to improper encoding or escaping of output, which can lead to cross-site scripting filter bypass in folder names, potentially resulting in information disclosure...
Apache Zeppelin Improper Input Validation vulnerability
The improper Input Validation vulnerability in the "Move folder to Trash" feature of Apache Zeppelin allows an attacker to delete arbitrary files. This issue affects Apache Zeppelin version 0.9.0 and prior versions...
GHSA-GM67-H5WR-W3CV Apache Zeppelin Improper Input Validation vulnerability
The improper Input Validation vulnerability in the "Move folder to Trash" feature of Apache Zeppelin allows an attacker to delete arbitrary files. This issue affects Apache Zeppelin version 0.9.0 and prior versions...
PT-2023-3604
Name of the Vulnerable Software and Affected Versions: Copyparty versions prior to 1.8.2 Description: The issue is related to a path traversal vulnerability detected in the .cpr subfolder, allowing an attacker to access files, directories, and commands outside the web document root directory. Thi...
SUSE CVE-2023-2861
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
CVAD 2203 CU2: Error: "Your OneDrive folder can't be created in the location you selected."
On CVAD 2203 CU2, you followed https://docs.citrix.com/en-us/profile-management/current-release/configure/enable-the-onedrive-container.html to configure OneDrive Container with Citrix Profile Management but it does not work. The Policy was applied via Citrix Active Directory GPO...
UBUNTU-CVE-2023-2861
A flaw was found in the 9p passthrough filesystem (9pfs) implementation in QEMU. The 9pfs server did not prohibit opening special files on the host side, potentially allowing a malicious client to escape from the exported 9p tree by creating and opening a device file in the shared folder...
CVE-2023-34598
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...
Design/Logic Flaw
Gibbon v25.0.0 is vulnerable to a Local File Inclusion (LFI) where it's possible to include the content of several files present in the installation folder in the server's response...