
1925 matches found

CVE
added 2023/05/31 12:00 a.m. · 70 views

CVE-2023-33487

The CVE-2023-33487 issue affects TOTOLINK X5000R versions V9.1.0u.6118_B20201102 through V9.1.0u.6369_B20230113. It is a command injection in setDiagnosisCfg that allows an attacker to execute arbitrary commands via the ip parameter, constituting remote code execution with high impact (per CVSS 3...

9.8 CVSS · 9.7 AI score · 0.01409 EPSS
Exploits 1 · References 1 · Affected Software 1

Vulnrichment
added 2023/05/31 12:00 a.m. · 14 views

CVE-2023-33486

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setOpModeCfg. This vulnerability allows an attacker to execute arbitrary commands through the "hostName" parameter...

9.9 AI score · 0.01409 EPSS
Exploits 1 · References 1

CVE
added 2023/05/31 12:00 a.m. · 78 views

CVE-2023-33486

CVE-2023-33486 affects TOTOLINK X5000R firmware versions V9.1.0u.6118_B20201102 through V9.1.0u.6369_B20230113. The root cause is a command injection in setOpModeCfg that permits executing arbitrary commands via the hostName parameter. Documents do not provide exploit details or a confirmed patch...

9.8 CVSS · 9.7 AI score · 0.01409 EPSS
Exploits 1 · References 1 · Affected Software 1

Prion
added 2023/05/22 8:15 a.m. · 16 views

Design/Logic Flaw

Insertion of Sensitive Information into Log File vulnerability in ABB QCS 800xA, ABB QCS AC450, ABB Platform Engineering Tools. An attacker, who already has local access to the QCS nodes, could successfully obtain the password for a system user account. Using this information, the attacker could...

1.7 CVSS · 5.7 AI score · 0.00227 EPSS
Exploits 0 · References 1 · Affected Software 3

CVE
added 2023/05/22 7:22 a.m. · 58 views

CVE-2022-0010

Summary: CVE-2022-0010 affects ABB QCS 800xA, ABB QCS AC450, and ABB Platform Engineering Tools due to insertion of sensitive information into log files. An attacker with local access to QCS nodes could obtain a system user password and potentially take control of nodes. Affected versions: QCS 80...

7.8 CVSS · 6 AI score · 0.00227 EPSS
Exploits 0 · References 1 · Affected Software 1

ATTACKERKB
added 2023/05/19 12:15 p.m. · 3 views

CVE-2023-26818

Telegram 9.3.1 and 9.4.0 allows attackers to access restricted files, microphone, or video recording via the DYLD_INSERT_LIBRARIES flag...

5.5 CVSS · 6.1 AI score · 0.0054 EPSS
Exploits 2 · References 3

CISA
added 2023/05/19 12:00 p.m. · 8 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation: CVE-2004-1464 Cisco IOS Denial-of-Service Vulnerability; CVE-2016-6415 Cisco IOS, IOS XR, and IOS XE IKEv1 Information Disclosure Vulnerability; CVE-2023-21492 Samsung...

9 CVSS · 7.2 AI score · 0.99977 EPSS
In wild · Exploits 56 · References 11

Prion
added 2023/05/15 6:15 a.m. · 18 views

Design/Logic Flaw

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system. The...

5 CVSS · 7.4 AI score · 0.04655 EPSS
Exploits 5 · References 3 · Affected Software 1

CVE
added 2023/05/15 12:00 a.m. · 299 views

CVE-2023-32784

KeePass 2.x before 2.54 is vulnerable to master password exposure from memory dumps (KeePass process dumps, pagefile.sys, hibernation files, or RAM). The first character cannot be recovered, but subsequent characters may be revealed due to memory handling in KeePass. KeePass 2.54 introduces mitig...

7.5 CVSS · 7.4 AI score · 0.04655 EPSS
In wild · Exploits 5 · References 3 · Affected Software 1

ATTACKERKB
added 2023/05/15 12:00 a.m. · 125 views

CVE-2023-32784

In KeePass 2.x before 2.54, it is possible to recover the cleartext master password from a memory dump, even when a workspace is locked or no longer running. The memory dump can be a KeePass process dump, swap file pagefile.sys, hibernation file hiberfil.sys, or RAM dump of the entire system. The...

7.5 CVSS · 6.9 AI score · 0.04655 EPSS
In wild · Exploits 5 · References 6

Cvelist
added 2023/05/11 12:00 a.m. · 14 views

CVE-2023-28358

A vulnerability has been discovered in Rocket.Chat where a markdown parsing issue in the "Search Messages" feature allows the insertion of malicious tags. This can be exploited on servers with content security policy disabled, possibly leading to attacks such as account takeover...

6.4 AI score · 0.00389 EPSS
Exploits 0 · References 1

CVE
added 2023/05/08 6:04 p.m. · 56 views

CVE-2023-30860

CVE-2023-30860 affects WWBN AVideo prior to version 12.4. A normal user can create a Meeting Schedule and invite others, but input is not properly sanitized when creating a Meeting Room, allowing insertion of malicious scripts. Any user, including admins, can view the meeting room, enabling cooki...

8 CVSS · 6 AI score · 0.00712 EPSS
Exploits 1 · References 2 · Affected Software 1

NVD
added 2023/05/05 2:15 p.m. · 32 views

CVE-2023-30013

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter...

9.8 CVSS · 9.8 AI score · 0.25889 EPSS
Exploits 4 · References 2

Prion
added 2023/05/05 2:15 p.m. · 33 views

Command injection

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter...

7.5 CVSS · 9.7 AI score · 0.25889 EPSS
Exploits 4 · References 2 · Affected Software 1

Vulnrichment
added 2023/05/05 12:00 a.m. · 9 views

CVE-2023-30013

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter...

9.8 AI score · 0.25889 EPSS
Exploits 4 · References 2

Cvelist
added 2023/05/05 12:00 a.m. · 32 views

CVE-2023-30013

TOTOLINK X5000R V9.1.0u.6118_B20201102 and V9.1.0u.6369_B20230113 contain a command insertion vulnerability in setting/setTracerouteCfg. This vulnerability allows an attacker to execute arbitrary commands through the "command" parameter...

10 AI score · 0.25889 EPSS
Exploits 4 · References 2

CVE
added 2023/05/05 12:00 a.m. · 107 views

CVE-2023-30013

The connected sources confirm a command-injection vulnerability in TOTOLINK X5000R firmware versions 9.1.0u.6118_B20201102 and 9.1.0u.6369_B20230113, specifically in the setting/setTracerouteCfg endpoint, allowing unauthenticated remote execution of arbitrary OS commands via the command parameter...

9.8 CVSS · 9.7 AI score · 0.25889 EPSS
Exploits 4 · References 2 · Affected Software 1

NVD
added 2023/04/27 12:15 p.m. · 24 views

CVE-2023-2331

Unquoted Service Path or Element vulnerability in the 42Gears Surelock Windows SureLock Service NixService.Exe Windows application allows arbitrary code to be inserted into the service. This issue affects Surelock Windows: from 2.3.12 through 2.40.0...

7.8 CVSS · 7.8 AI score · 0.00189 EPSS
Exploits 0 · References 2

Vulnrichment
added 2023/04/27 11:51 a.m. · 11 views

CVE-2023-2331 Bypassing hardening via Unquoted Service path vulnerability

Unquoted Service Path or Element vulnerability in the 42Gears Surelock Windows SureLock Service NixService.Exe Windows application allows arbitrary code to be inserted into the service. This issue affects Surelock Windows: from 2.3.12 through 2.40.0...

7.8 CVSS · 7.8 AI score · 0.00189 EPSS
Exploits 0 · References 1

Positive Technologies
added 2023/04/27 12:00 a.m. · 4 views

PT-2023-18902 · 42Gears · Surelock

Name of the Vulnerable Software and Affected Versions: 42Gears Surelock Windows versions 2.3.12 through 2.40.0. Description: The issue is related to an Unquoted service Path or Element vulnerability in the SureLock Service NixService.Exe on Windows application, which allows arbitrary code insertio...

7.8 CVSS · 7.6 AI score · 0.00189 EPSS
Exploits 0 · References 6