4308 matches found
CVE-2023-43359
Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Page Specific Metadata and Smarty data parameters in the Content Manager Menu component...
Vulnerability fixed in Dell OpenManage
A vulnerability has been fixed in Dell OpenManage Server Administrator, version 11.0.0.0 and earlier. A local malicious user could exploit this security vulnerability to execute arbitrary code and obtain elevated user privileges. Dell has released updates to fix the vulnerability in OMSA...
PT-2023-29304 · Unknown · Expense Management System
Name of the Vulnerable Software and Affected Versions: Expense Management System version 1.0 Description: An issue in the Expense Management System allows a local attacker to execute arbitrary code via a crafted file uploaded to the "sign-up.php" component. Recommendations: For Expense Management...
VulnCheck KEV: CVE-2022-23748
Dante Discovery contains a process control vulnerability in mDNSResponder.exe that allows for a DLL sideloading attack. A local attacker can leverage this vulnerability in the Dante Application Library to execute arbitrary code...
PT-2023-6260 · Siemens · Simatic Cp 1623 +4
Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1604 All versions SIMATIC CP 1616 All versions SIMATIC CP 1623 All versions SIMATIC CP 1626 All versions SIMATIC CP 1628 All versions Description: A vulnerability has been identified that exposes kernel memory of affected devices t...
CVE-2023-36123
Directory Traversal vulnerability in Hex-Dragon Plain Craft Launcher 2 version Alpha 1.3.9, allows local attackers to execute arbitrary code and gain sensitive information...
CVE-2023-35897
IBM Spectrum Protect Client and IBM Storage Protect for Virtual Environments 8.1.0.0 through 8.1.19.0 could allow a local user to execute arbitrary code on the system using a specially crafted file, caused by a DLL hijacking flaw. IBM X-Force ID: 259246...
CVE-2023-44771
A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Page Layout...
CVE-2023-35897
IBM Storage Protect Backup-Archive Client and IBM Storage Protect for Virtual Environments (Data Protection for VMware/Hyper-V) versions 8.1.0.0–8.1.19.0 are affected by a DLL hijacking flaw that could allow a local user to execute arbitrary code via a specially crafted file. The issue impacts Wi...
CVE-2023-43343
Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Files - Description parameter in the Pages Menu component...
CVE-2023-30733
Stack-based Buffer Overflow vulnerability in HDCP trustlet prior to SMR Oct-2023 Release 1 allows local privileged attackers to perform code execution...
AZL-34733 CVE-2023-4911 affecting package glibc for versions less than 2.38-6
A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching binaries with SUID permission to execute code...
DEBIAN-CVE-2023-43361
Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files...
CVE-2023-43874
Multiple Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu...
CVE-2023-43873
A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu...
CVE-2023-41444
An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun1400084d0 function in IREC.sys driver...
PT-2023-27947 · Binalyze · Irec.Sys
Name of the Vulnerable Software and Affected Versions: Binalyze IREC.sys versions 3.11.0 and earlier Description: An issue in Binalyze IREC.sys allows a local attacker to execute arbitrary code and escalate privileges via the fun 1400084d0 function in the IREC.sys driver. Recommendations: For...
CVE-2023-43339
Cross-Site Scripting (XSS) vulnerability in cmsmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted payload injected into the Database Name, DataBase User or Database Port components...
CMS Made Simple Cross-Site Scripting Vulnerability
CMS Made Simple (CMSMS) is an open source content management system (CMS) by the CMSMS team. The system supports role-based privilege management, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A security vulnerability exists in CMS Made Simple version...
CVE-2023-32184
An Insecure Storage of Sensitive Information vulnerability in openSUSE opensuse-welcome allows local attackers to execute code as the user that runs opensuse-welcome if a custom layout is chosen. This issue affects opensuse-welcome: from 0.1 before 0.1.9+git.35.4b9444a...