6674 matches found

Positive Technologies
added 2023/09/27 12:0 a.m. · 4 views

PT-2023-26652 · Unknown · Gugoan Economizzer

Name of the Vulnerable Software and Affected Versions: gugoan Economizzer version 0.9-beta1; gugoan Economizzer commit 3730880 April 2023
Description: The issue is related to Clickjacking, also known as a "UI redress attack", where an attacker uses multiple transparent or opaque layers to trick a...

CVSS 6.5 · AI score 6.3 · EPSS 0.00206
Exploits: 1 · References: 11

Cvelist
added 2023/09/26 2:2 p.m. · 14 views

CVE-2023-32541

A use-after-free vulnerability exists in the footerr functionality of Hancom Office 2020 HWord 11.0.0.7520. A specially crafted .doc file can lead to a use-after-free. An attacker can trick a user into opening a malformed file to trigger this vulnerability...

CVSS 8.8 · AI score 8.8 · EPSS 0.00325
Exploits: 1 · References: 1

Positive Technologies
added 2023/09/26 12:0 a.m. · 3 views

PT-2023-23864 · Hancom · Hancom Office 2020 Hword

Name of the Vulnerable Software and Affected Versions: Hancom Office 2020 HWord version 11.0.0.7520
Description: A use-after-free issue exists in the footerr functionality. This can be triggered by a specially crafted .doc file, potentially allowing an attacker to exploit the vulnerability by...

CVSS 8.8 · AI score 7.7 · EPSS 0.00325
Exploits: 1 · References: 4

Cvelist
added 2023/09/25 3:22 p.m. · 15 views

CVE-2023-35002

A heap-based buffer overflow vulnerability exists in the pictwread functionality of Accusoft ImageGear 20.1. A specially crafted malformed file can lead to arbitrary code execution. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.8 · AI score 10 · EPSS 0.00321
Exploits: 1 · References: 1

Tenable Nessus
added 2023/09/22 12:0 a.m. · 36 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3599-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3599-2 advisory. The SUSE Linux Enterprise 15 SP5 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

CVSS 7.8 · AI score 7.7 · EPSS 0.04259
Exploits: 3 · References: 110

Tenable Nessus
added 2023/09/22 12:0 a.m. · 28 views

SUSE SLES15 Security Update : kernel (SUSE-SU-2023:3600-2)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3600-2 advisory. The SUSE Linux Enterprise 15 SP4 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: -...

CVSS 7.8 · AI score 7.7 · EPSS 0.04259
Exploits: 3 · References: 91

Citrix
added 2023/09/20 12:0 a.m. · 6 views

How to change the DNS for a Citrix Hypervisor

Change the DNS for Citrix Hypervisor...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2023/09/20 12:0 a.m. · 25 views

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3683-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3683-1 advisory. The SUSE Linux Enterprise 15 SP4 kernel was updated to receive various security and bugfixes. Th...

CVSS 7.8 · AI score 7.7 · EPSS 0.04259
Exploits: 3 · References: 91

Tenable Nessus
added 2023/09/20 12:0 a.m. · 25 views

SUSE SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2023:3684-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3684-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security and bugfixes. The following security...

CVSS 7.8 · AI score 7.7 · EPSS 0.04259
Exploits: 3 · References: 54

NVD
added 2023/09/19 11:16 a.m. · 12 views

CVE-2023-32649

A Denial of Service (DoS) vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, allows an unauthenticated attacker to crash the IDS module by sending specially crafted malformed network packets...

CVSS 8.2 · AI score 7.7 · EPSS 0.00132
Exploits: 0 · References: 1

NVD
added 2023/09/19 11:16 a.m. · 14 views

CVE-2023-29245

A SQL Injection vulnerability in Nozomi Networks Guardian and CMC, due to improper input validation in certain fields used in the Asset Intelligence functionality of our IDS, may allow an unauthenticated attacker to execute arbitrary SQL statements on the DBMS used by the web application by sendi...

CVSS 9.2 · AI score 8.5 · EPSS 0.0011
Exploits: 0 · References: 1

NOZOMI
added 2023/09/18 12:0 a.m. · 3 views

Authenticated SQL Injection on Query functionality in Guardian/CMC before 22.6.3 and 23.1.0

Summary: A SQL Injection vulnerability has been found in Nozomi Networks Guardian and CMC, due to improper input validation in certain parameters used in the Query functionality.
Impact: Authenticated users may be able to execute arbitrary SQL statements on the DBMS used by the web application...

CVSS 8.8 · AI score 8.3 · EPSS 0.0013
Exploits: 0 · Affected Software: 2

Hacker One
added 2023/09/16 3:36 p.m. · 5 views

Mars: RXSS on ████ via q parameter

A reflected Cross-Site Scripting (XSS) vulnerability was identified on the ████████ website at the search endpoint. The vulnerability was present in the 'q' parameter of the search functionality, where user-supplied input was reflected back to the page without proper sanitization or encoding...

AI score 5.9
Exploits: 0

Tenable Nessus
added 2023/09/14 12:0 a.m. · 35 views

AlmaLinux 9 : kernel-rt (ALSA-2023:5091)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:5091 advisory. - A flaw that boot CPU could be vulnerable for the speculative execution behavior kind of attacks in the Linux kernel X86 CPU Power management options...

CVSS 7.8 · AI score 7.4 · EPSS 0.0844
Exploits: 5 · References: 11

NVD
added 2023/09/13 3:15 a.m. · 7 views

CVE-2023-4915

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

CVSS 5.3 · AI score 5.3 · EPSS 0.00169
Exploits: 0 · References: 2

NVD
added 2023/09/13 3:15 a.m. · 11 views

CVE-2023-4153

The BAN Users plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 1.5.3 due to a missing capability check on the 'w3devsavebanusersettingscallback' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00131
Exploits: 0 · References: 3

Positive Technologies
added 2023/09/11 12:0 a.m. · 1 views

PT-2023-23132 · Tsplus · Tsplus Remote Access

Name of the Vulnerable Software and Affected Versions: TSplus Remote Access versions through 16.0.2.14
Description: An issue was discovered where credentials are stored as cleartext within the HTML source code of the login page.
Recommendations: For versions through 16.0.2.14, consider disabling...

CVSS 9.8 · AI score 9.3 · EPSS 0.01415
Exploits: 3 · References: 12

OSV
added 2023/09/08 2:15 a.m. · 30 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVSS 6.5 · AI score 8.6
Exploits: 0 · References: 3

Prion
added 2023/09/08 2:15 a.m. · 15 views

Sql injection

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

CVSS 4 · AI score 7.1 · EPSS 0.6313
Exploits: 1 · References: 3 · Affected Software: 1

Vulnrichment
added 2023/09/08 12:0 a.m. · 13 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

AI score 8.4 · EPSS 0.6313
Exploits: 1 · References: 3