
6674 matches found

CVE
added 2023/09/08 12:0 a.m. · 72 views

CVE-2021-45811

CVE-2021-45811 is a confirmed SQL injection vulnerability in osTicket 1.15.x, affecting the Search functionality on tickets.php where authenticated users can manipulate the query via the combination of the keywords and topic_id URL parameters. The issue allows attackers to execute arbitrary SQL c...

CVSS 6.5 · AI score 7 · EPSS 0.6313
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/09/08 12:0 a.m. · 13 views

CVE-2021-45811

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket 1.15.x allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

AI score 7.3 · EPSS 0.6313
Exploits 1 · References 3

Code423n4
added 2023/09/07 12:0 a.m. · 7 views

Absence of Start-End Time Validation in Range Creation

Lines of code Vulnerability details The code allows the creation of a Range structure without ensuring that startTime is strictly less than endTime. The absence of this validation might lead to unintended behavior or logical errors in functionalities that rely on the order of these timestamps...

AI score 6.9
Exploits 0

Prion
added 2023/09/06 7:15 p.m. · 14 views

Code injection

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality...

CVSS 6.5 · AI score 8.6 · EPSS 0.00213
Exploits 0 · References 1 · Affected Software 1

Vulnrichment
added 2023/09/06 6:44 p.m. · 9 views

CVE-2020-10129

SearchBlox before Version 9.2.1 is vulnerable to Privileged Escalation-Lower user is able to access Admin functionality...

AI score 6.8 · EPSS 0.00213
Exploits 0 · References 1

The Hacker News
added 2023/09/06 8:44 a.m. · 45 views

W3LL Store: How a Secret Phishing Syndicate Targets 8,000+ Microsoft 365 Accounts

A previously undocumented "phishing empire" has been linked to cyber attacks aimed at compromising Microsoft 365 business email accounts over the past six years. "The threat actor created a hidden underground market, named W3LL Store, that served a closed community of at least 500 threat actors w...

AI score 6.9
Exploits 0

Citrix
added 2023/09/06 12:0 a.m. · 11 views

Citrix DaaS - The Published resource is not available currently. try again later

After migrating from on premise to Citrix Cloud, users facing issues when launching apps via DaaS only via native CWA. Launching via web browser works as expected. Users are getting error: Transaction ID: xxxxxxxxxxxxxxxxx The resource is not available at the moment. Please try again later. Issue...

AI score 7
Exploits 0

NVD
added 2023/09/05 5:15 p.m. · 7 views

CVE-2023-32615

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitrary file creation or overwrite. An attacker can send a sequence of requests to trigger this...

CVSS 8.1 · AI score 6.9 · EPSS 0.0007
Exploits 0 · References 2

Positive Technologies
added 2023/09/05 12:0 a.m. · 2 views

PT-2023-25087 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version 18.00.0072 Description: An authentication bypass issue exists in the OAS Engine functionality. A specially crafted series of network requests can lead to arbitrary authentication. An attacker can...

CVSS 8.1 · AI score 9 · EPSS 0.00009
Exploits 0 · References 8

Veracode
added 2023/09/04 6:21 a.m. · 21 views

Information Disclosure

RestrictedPython is vulnerable to Information Disclosure. The vulnerability arises due to the format functionality in Python which allows someone controlling the format string to "read" data from objects, including sensitive information. This vulnerability could potentially allow an attacker to...

CVSS 8.3 · AI score 6.7 · EPSS 0.00219
Exploits 0 · References 2 · Affected Software 1

NVD
added 2023/08/31 4:15 p.m. · 9 views

CVE-2023-31170

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVSS 6.5 · AI score 6.1 · EPSS 0.00091
Exploits 0 · References 2

NVD
added 2023/08/31 4:15 p.m. · 13 views

CVE-2023-31168

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVSS 6.5 · AI score 5.8 · EPSS 0.00086
Exploits 0 · References 2

Prion
added 2023/08/31 4:15 p.m. · 17 views

Design/Logic Flaw

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVSS 4.3 · AI score 6.5 · EPSS 0.00091
Exploits 0 · References 2 · Affected Software 1

CVE
added 2023/08/31 3:30 p.m. · 34 views

CVE-2023-31170

SEL-5030 acSELerator QuickSet Software is affected up to version 7.1.3.0 by CVE-2023-31170, described as an Inclusion of Functionality from Untrusted Control Sphere issue. The vulnerability could allow an attacker to embed instructions that could be executed by an authorized device operator. Conn...

CVSS 6.5 · AI score 6.1 · EPSS 0.00091
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/08/31 3:30 p.m. · 13 views

CVE-2023-31168 Inclusion of Functionality from Untrusted Control Sphere

An Inclusion of Functionality from Untrusted Control Sphere vulnerability in the Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet Software could allow an attacker to embed instructions that could be executed by an authorized device operator. See Instruction Manual Appendix A and...

CVSS 5.5 · AI score 6.7 · EPSS 0.00086
Exploits 0 · References 2

NVD
added 2023/08/31 10:15 a.m. · 15 views

CVE-2023-41738

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVSS 8.8 · AI score 7.7 · EPSS 0.00715
Exploits 0 · References 1

OSV
added 2023/08/31 10:15 a.m. · 1 views

CVE-2023-41738

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVSS 8.8 · AI score 6 · EPSS 0.00715
Exploits 0 · References 1

OSV
added 2023/08/31 10:15 a.m. · 0 views

CVE-2023-41739

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1

Prion
added 2023/08/31 10:15 a.m. · 17 views

Command injection

Improper neutralization of special elements used in an OS command 'OS Command Injection' vulnerability in Directory Domain Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to execute arbitrary commands via unspecified vectors...

CVSS 6.5 · AI score 8.7 · EPSS 0.00715
Exploits 0 · References 1 · Affected Software 1

Cvelist
added 2023/08/31 9:8 a.m. · 19 views

CVE-2023-41739

Uncontrolled resource consumption vulnerability in File Functionality in Synology Router Manager SRM before 1.3.1-9346-6 allows remote authenticated users to conduct denial-of-service attacks via unspecified vectors...

CVSS 4.9 · AI score 7.3 · EPSS 0.00583
Exploits 0 · References 1