4121 matches found
CVE-2023-34751
bloofox v0.5.2.1 was discovered to contain a SQL injection vulnerability via the gid parameter at admin/index.php?mode=user&page=groups&action=edit...
Netbox Cross-Site Scripting Vulnerability
NetBox is a Django- and PostgreSQL-based tool for IP Address Management (IPAM) and Data Center Infrastructure Management (DCIM) from the NetBox community. A security vulnerability exists in Netbox version 3.5.1 that stems from a stored cross-site scripting (XSS) vulnerability in the Create Wireless LAN...
bloofoxCMS SQL Injection Vulnerability
bloofoxCMS is a PHP-based text content management system developed by bloofox, an individual developer. A security vulnerability exists in bloofoxCMS version v0.5.2.1, which originates from the gid parameter, found to contain an SQL injection vulnerability via...
CVE-2023-34565
Netbox 3.5.1 is vulnerable to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function...
PT-2023-24923 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: Netbox version 3.5.1. Description: The issue is related to Cross Site Scripting (XSS) in the "Create Wireless LAN Groups" function. This allows for malicious scripts to be injected into the website, potentially leading to unauthorized access or...
CVE-2023-34565
The CVE-2023-34565 entry affects NetBox 3.5.1, with a stored Cross-Site Scripting (XSS) vulnerability in the Create Wireless LAN Groups function. According to multiple sources, NetBox 3.5.1 is vulnerable to XSS in that feature, labeled as stored XSS in CNNVD/CVE records, and the vulnerability has...
Stored XSS in Survey Groups Function
Description: By injecting payloads into the fields Title and Description, users who visit the "Survey list" screen may be compromised. Proof of Concept: Step 1: Log in as Administrator, go to the "Survey list" screen function, click the "create survey group" button. Step 2: Inject the payload to the fields...
EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2023-2142)
According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - containerd is an open source container runtime. A bug was found in containerd's CRI implementation where programs inside a container c...
GitLab Authenticated File Read
GitLab version 16.0 contains a directory traversal for arbitrary file read as the gitlab-www user. This module requires authentication for exploitation. In order to use this module, a user must be able to create a project and groups. When exploiting this vulnerability, there is a direct correlati...
containerd: Supplementary groups are not set up properly
A flaw was found in containerd, where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some...
Cross site scripting
An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SUSE Rancher allows users in some higher-privileged groups to inject code that is executed within another user's browser, allowing the attacker to steal sensitive information, manipulate web...
Netflix’s Password-Sharing Crackdown Has Hit the US
TikTok user data is exposed to Chinese ByteDance employees, a screen recording app goes rogue in Google Play, and privacy groups want Slack to expand encryption...
CVE-2023-2825
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...
Path traversal
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...
UBUNTU-CVE-2023-2825
An issue has been discovered in GitLab CE/EE affecting only version 16.0.0. An unauthenticated malicious user can use a path traversal vulnerability to read arbitrary files on the server when an attachment exists in a public project nested within at least five groups...
CVE-2023-2825
Removed by vendor...
Vulnerability fixed in GitLab Enterprise Edition and Community Edition
GitLab has fixed a vulnerability in GitLab 16.0.0. An unauthenticated remote malicious person could exploit it to gain access to arbitrary files on the server via a path traversal. The vulnerability is exploitable when the malicious party has knowledge of an attachment in a public proje...