6677 matches found

OSV
added 2023/06/22 8:15 p.m. · 14 views

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

CVSS 7.2 · AI score 7.8
Exploits 0 · References 1

Prion
added 2023/06/22 8:15 p.m. · 13 views

Design/Logic Flaw

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

CVSS 5.8 · AI score 7.2 · EPSS 0.00587
Exploits 0 · References 1 · Affected Software 1

IBM Security Bulletins
added 2023/06/22 5:22 p.m. · 103 views

Security Bulletin: IBM MQ is affected by vulnerabilities in libcURL (CVE-2023-23916, CVE-2023-27535)

Summary Multiple issues were identified within the libcurl library that affect IBM MQ. IBM MQ uses libcurl to provide HTTPURL functionality which is only used to download remote CCDT files and is not used to send or receive messages. Vulnerability Details CVEID:CVE-2023-23916 DESCRIPTION: cURL...

CVSS 6.5 · AI score 7.9 · EPSS 0.00066
Exploits 2 · Affected Software 1

Vulnrichment
added 2023/06/22 12:0 a.m. · 13 views

CVE-2023-27083

An issue discovered in /admin.php in Pluck CMS 4.7.15 through 4.7.16-dev5 allows remote attackers to run arbitrary code via manage file functionality...

AI score 7.5 · EPSS 0.00587
Exploits 0 · References 1

Positive Technologies
added 2023/06/22 12:0 a.m. · 4 views

PT-2023-20941 · Pluck Cms · Pluck Cms

Name of the Vulnerable Software and Affected Versions: Pluck CMS versions 4.7.15 through 4.7.16-dev5 Description: A remote code execution issue was found in the /admin.php file of Pluck CMS, allowing attackers to execute arbitrary code through the manage file functionality. Recommendations: For...

CVSS 7.2 · AI score 7.6 · EPSS 0.00587
Exploits 0 · References 5

NVD
added 2023/06/19 3:15 p.m. · 9 views

CVE-2023-31411

A remote unprivileged attacker can modify and access configuration settings on the EventCam App due to the absence of API authentication. The lack of authentication in the API allows the attacker to potentially compromise the functionality of the EventCam App...

CVSS 9.8 · AI score 9.6 · EPSS 0.0022
Exploits 0 · References 3

OSV
added 2023/06/19 1:15 p.m. · 1 view

CVE-2023-3318

A vulnerability was found in SourceCodester Resort Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation of the argument page leads to cross site scripting. The attack can be launched remotely. The exploit has been...

CVSS 5.4 · AI score 3.8 · EPSS 0.00088
Exploits 1 · References 3

OSV
added 2023/06/19 7:52 a.m. · 5 views

SUSE-SU-2023:2535-1 Security update for xen

This update for xen fixes the following issues: Security fixes: - CVE-2022-42336: Fix an issue where guests configuring AMD Speculative Store Bypass Disable would have no effect XSA-431 bsc1211433. - CVE-2022-42335: Fixed an issue where guests running under shadow mode with a PCI devices passed...

CVSS 7.8 · AI score 5.5 · EPSS 0.00093
Exploits 0 · References 10

CNNVD
added 2023/06/19 12:0 a.m. · 2 views

SourceCodester Resort Management System cross-site scripting vulnerability

Sourcecodester Online Resort Management System is an open source web-based application that provides online room reservations and can also be used as a simple website for resorts. A cross-site scripting vulnerability exists in the SourceCodester Resort Management System version 1.0, which stems...

CVSS 5.4 · AI score 4.6 · EPSS 0.00088
Exploits 1 · References 4

Positive Technologies
added 2023/06/19 12:0 a.m. · 2 views

PT-2023-25347 · Nintendo · Mario Kart Wii

Name of the Vulnerable Software and Affected Versions: Mario Kart Wii versions RMCP01, RMCE01, RMCJ01, and RMCK01 Description: A buffer overflow in Mario Kart Wii can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet. Recommendations: For versions...

CVSS 9.8 · AI score 9.7 · EPSS 0.0008
Exploits 1 · References 3

wpexploit
added 2023/06/15 12:0 a.m. · 164 views

Contact Form by WD <= 1.13.23 - Admin+ SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by high privilege users such as admin 1. When editing a form, go to "Settings MySQL Mapping". 2. Click "Add a Query" 3. When mapping the form to the database in...

AI score 9.2 · EPSS 0.00715
Exploits 2

NVD
added 2023/06/14 6:15 p.m. · 26 views

CVE-2023-2976

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...

CVSS 7.1 · AI score 6.4 · EPSS 0.00065
Exploits 0 · References 4

Prion
added 2023/06/14 6:15 p.m. · 22 views

Design/Logic Flaw

Use of Java's default temporary directory for file creation in FileBackedOutputStream in Google Guava versions 1.0 to 31.1 on Unix systems and Android Ice Cream Sandwich allows other users and apps on the machine with access to the default Java temporary directory to be able to access the files...

CVSS 3.2 · AI score 6.5 · EPSS 0.00065
Exploits 0 · References 3 · Affected Software 1

Code423n4
added 2023/06/14 12:0 a.m. · 6 views

It is not possible to execute actions that require ETH (or other protocol token)

Lines of code Vulnerability details Details Actions can have value attached to them. That means when action is being executed, a certain amount of ETH or other protocol token need to be sent by the caller with the contract call. This is why LlamaCore.executeAction is payable function...

AI score 7
Exploits 0

Code423n4
added 2023/06/14 12:0 a.m. · 9 views

THERE IS NO INPUT VALIDATION FOR CRITICAL STATE VARIABLES WHICH COULD BREAK THE CORE FUNCTIONALITY OF THE PROTOCOL

Lines of code Vulnerability details Impact In the LlamaAbsoluteStrategyBase.queuingPeriod variable denotes the minimum time in seconds between queueing and execution of action. The LlamaAbsoluteStrategyBase.minExecutionTime returns the block.timestamp + queuingPeriod timestamp. Here queuingPeriod...

AI score 6.8
Exploits 0

OSV
added 2023/06/13 7:15 p.m. · 2 views

CVE-2022-43684

ServiceNow has released patches and an upgrade that address an Access Control List ACL bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: Quebec prior to Patch 10 Hot Fix 8b Rome prior to Patch 10 Hot Fix 1 San...

CVSS 6.5 · AI score 5.8 · EPSS 0.00216
Exploits 0 · References 5

ATTACKERKB
added 2023/06/13 10:15 a.m. · 1 view

CVE-2023-30766

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

CVSS 9.8 · AI score 6 · EPSS 0.00376
Exploits 0 · References 3

OSV
added 2023/06/13 10:15 a.m. · 2 views

CVE-2023-30766

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

CVSS 9.8 · AI score 5.9 · EPSS 0.00376
Exploits 0 · References 2

NVD
added 2023/06/13 10:15 a.m. · 8 views

CVE-2023-30766

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

CVSS 9.8 · AI score 9.6 · EPSS 0.00376
Exploits 0 · References 2

Prion
added 2023/06/13 10:15 a.m. · 23 views

Design/Logic Flaw

Hidden functionality issue exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to 91110.1.101106.78,...

CVSS 7.5 · AI score 9.4 · EPSS 0.00376
Exploits 0 · References 2 · Affected Software 6