2734 matches found

Tenable Nessus
added 2023/12/27 12:0 a.m. · 40 views

NewStart CGSL MAIN 6.06 : cairo Vulnerability (NS-SA-2023-0077)

The remote NewStart CGSL host, running version MAIN 6.06, has cairo packages installed that are affected by a vulnerability: - A flaw was found in cairo's image-compositor.c in all versions prior to 1.17.4. This flaw allows an attacker who can provide a crafted input file to cairo's...

CVSS 7.8 · AI score 6.8 · EPSS 0.0027
Exploits 0 · References 3

Tenable Nessus
added 2023/12/27 12:0 a.m. · 43 views

NewStart CGSL MAIN 6.02 : kernel Multiple Vulnerabilities (NS-SA-2023-0107)

The remote NewStart CGSL host, running version MAIN 6.02, has kernel packages installed that are affected by multiple vulnerabilities: - A vulnerability was found in the fs/inode.c:inode_init_owner function logic of the Linux kernel that allows local users to create files for the XFS file-system wi...

CVSS 7.8 · AI score 6.8 · EPSS 0.00075
Exploits 1 · References 5

Tenable Nessus
added 2023/12/27 12:0 a.m. · 23 views

NewStart CGSL MAIN 6.06 : expat Multiple Vulnerabilities (NS-SA-2023-0082)

The remote NewStart CGSL host, running version MAIN 6.06, has expat packages installed that are affected by multiple vulnerabilities: - In Expat aka libexpat before 2.4.3, a left shift by 29 or more places in the storeAtts function in xmlparse.c can lead to realloc misbehavior e.g., allocating to...

CVSS 9.8 · AI score 7.6 · EPSS 0.12348
Exploits 4 · References 27

Tenable Nessus
added 2023/12/27 12:0 a.m. · 34 views

NewStart CGSL MAIN 6.06 : glibc Multiple Vulnerabilities (NS-SA-2023-0076)

The remote NewStart CGSL host, running version MAIN 6.06, has glibc packages installed that are affected by multiple vulnerabilities: - A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd may lead to memory corruption when the size of the buffer is exactly 1. A local...

CVSS 9.8 · AI score 8.5 · EPSS 0.00848
Exploits 3 · References 7

Tenable Nessus
added 2023/12/27 12:0 a.m. · 25 views

NewStart CGSL MAIN 6.06 : krb5 Multiple Vulnerabilities (NS-SA-2023-0096)

The remote NewStart CGSL host, running version MAIN 6.06, has krb5 packages installed that are affected by multiple vulnerabilities: - ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cau...

CVSS 8.8 · AI score 7.6 · EPSS 0.10832
Exploits 1 · References 7

BDU FSTEC
added 2023/12/26 12:0 a.m. · 2 views

The vulnerability of the main() function in the tiffcp.c component of the LibTIFF library allows an attacker to compromise data integrity and cause service failures.

The vulnerability of the main function in the tiffcp.c component of the LibTIFF library is related to buffer overflow on the stack. Exploiting this vulnerability can allow an attacker to compromise data integrity and also cause service failures through the use of a specially created TIFF file...

CVSS 6.1 · AI score 7 · EPSS 0.00074
Exploits 1 · References 10 · Affected Software 5

NVD
added 2023/12/25 6:15 a.m. · 11 views

CVE-2022-43675

An issue was discovered in NOKIA NFM-T R19.9. Reflected XSS in the Network Element Manager exists via /oms1350/pages/otn/cpbLogDisplay via the filename parameter, under /oms1350/pages/otn/connection/E2ERoutingDisplayWithOverLay via the id parameter, and under /oms1350/pages/otn/mainOtn via all...

CVSS 6.1 · EPSS 0.00098
Exploits 1 · References 1

Positive Technologies
added 2023/12/25 12:0 a.m. · 4 views

PT-2023-14284 · Nokia · Nokia Nfm-T

Name of the Vulnerable Software and Affected Versions: NOKIA NFM-T version R19.9 Description: An issue exists in the Network Element Manager, specifically a Reflected XSS. This issue can be exploited via several API endpoints, including "/oms1350/pages/otn/cpbLogDisplay" via the filename paramete...

CVSS 6.1 · AI score 6.2 · EPSS 0.00098
Exploits 1 · References 4

NVD
added 2023/12/22 12:15 p.m. · 11 views

CVE-2023-7075

A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /main/checkout.php. The manipulation of the argument pt leads to cross site scripting. The attack may be...

CVSS 6.1 · EPSS 0.0012
Exploits 1 · References 3

CVE
added 2023/12/22 12:0 p.m. · 52 views

CVE-2023-7075

CVE-2023-7075 affects code-projects Point of Sales and Inventory Management System 1.0. A cross-site scripting vulnerability exists in the /main/checkout.php file, triggered by manipulating the pt parameter. The issue is exploitable remotely and public exploits have been disclosed. No patch/versi...

CVSS 6.1 · AI score 4.8 · EPSS 0.0012
Exploits 1 · References 3 · Affected Software 1

The Hacker News
added 2023/12/15 2:17 p.m. · 59 views

New KV-Botnet Targeting Cisco, DrayTek, and Fortinet Devices for Stealthy Attacks

A new botnet consisting of firewalls and routers from Cisco, DrayTek, Fortinet, and NETGEAR is being used as a covert data transfer network for advanced persistent threat actors, including the China-linked threat actor called Volt Typhoon. Dubbed KV-botnet by the Black Lotus Labs team at Lumen...

CVSS 9.8 · AI score 9.5 · EPSS 0.90846
Exploits 9

NVD
added 2023/12/14 2:15 p.m. · 15 views

CVE-2023-6572

Command Injection in GitHub repository gradio-app/gradio prior to main...

CVSS 9.6 · EPSS 0.02454
Exploits 1 · References 2

OSV
added 2023/12/14 2:15 p.m. · 22 views

PYSEC-2023-255

Command Injection in GitHub repository gradio-app/gradio prior to main...

CVSS 8.1 · AI score 7.5 · EPSS 0.02454
Exploits 1 · References 6

PyPA
added 2023/12/14 2:15 p.m. · 8 views

PYSEC-2023-255

Command Injection in GitHub repository gradio-app/gradio prior to main...

CVSS 9.6 · AI score 7.1 · EPSS 0.02454
Exploits 1 · References 6 · Affected Software 1

Positive Technologies
added 2023/12/14 12:0 a.m. · 4 views

PT-2023-32700 · Gradio · Gradio

Name of the Vulnerable Software and Affected Versions: gradio versions prior to main Description: The issue concerns Exposure of Sensitive Information to an Unauthorized Actor in the GitHub repository gradio-app/gradio. Recommendations: For versions prior to main, update to the main version or...

CVSS 9.6 · AI score 9.3 · EPSS 0.02454
Exploits 1 · References 12

Positive Technologies
added 2023/12/14 12:0 a.m. · 2 views

PT-2023-30678 · Cybrosys Techno Solutions · Cybrosys Techno Solutions Website Blog Search

Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Website Blog Search aka website search blog versions 13.0 through 13.0.1.0.1 Description: A SQL injection issue allows a remote attacker to execute arbitrary code and gain privileges via the name parameter in the...

CVSS 9.8 · AI score 9.9 · EPSS 0.01165
Exploits 1 · References 5

PyPA
added 2023/12/12 6:15 p.m. · 8 views

PYSEC-2023-262

main.py in Searchor before 2.4.2 uses eval on CLI input, which may cause unexpected code execution...

CVSS 9.8 · AI score 7.2 · EPSS 0.29638
Exploits 2 · References 6 · Affected Software 1

Prion
added 2023/11/28 8:15 a.m. · 12 views

Command injection

Command injection in main/lp/openofficepresentation.class.php in Chamilo LMS = v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters...

CVSS 6.5 · AI score 8.4 · EPSS 0.02038
Exploits 1 · References 4 · Affected Software 1

CVE
added 2023/11/28 7:15 a.m. · 40 views

CVE-2023-4222

CVE-2023-4222 concerns Chamilo LMS versions

CVSS 8.8 · AI score 8.4 · EPSS 0.02038
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2023/11/26 12:0 a.m. · 2 views

PT-2023-32598 · Apryse · Apryse Itext

Name of the Vulnerable Software and Affected Versions: Apryse iText version 8.0.2 Description: A vulnerability was found in the function main of the file PdfDocument.java, which affects the improper validation of array index. The attack can be initiated remotely. The real existence of this...

CVSS 6.5 · AI score 5.4 · EPSS 0.00284
Exploits 1 · References 13