
3370 matches found

CNVD
added 2024/01/11 12:0 a.m. · 23 views

PrestaShop SQL Injection Vulnerability (CNVD-2024-02171)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the application...

9.8 CVSS · 7.5 AI score · 0.00748 EPSS
Exploits 1 · References 1
BDU FSTEC
added 2024/01/11 12:0 a.m. · 2 views

The vulnerability of the MacMonitorConsole class in the software for controlling power sources of Voltronic Power ViewPower allows a hacker to execute arbitrary code.

The vulnerability of the MacMonitorConsole software class for controlling Voltronic Power ViewPower power sources is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code through a specially created request...

10 CVSS · 8.2 AI score · 0.01483 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/01/11 12:0 a.m. · 1 views

The vulnerability of the UpsScheduler class in the software for managing power sources of Voltronic Power ViewPower allows a perpetrator to execute arbitrary code.

The vulnerability of the UpsScheduler class in the software for managing power sources of Voltronic Power ViewPower is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code through a specially created request...

10 CVSS · 8.2 AI score · 0.01483 EPSS
Exploits 0 · References 4
BDU FSTEC
added 2024/01/11 12:0 a.m. · 4 views

The vulnerability of the Spreadsheet::ParseExcel library in email security gateways of the Barracuda Email Security Gateway Appliance, related to the use of dangerous methods or functions, allows attackers to execute arbitrary code.

The vulnerability of the Spreadsheet::ParseExcel library, a microprogramming solution for email security gateways like Barracuda Email Security Gateway Appliance, is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow an attacker to execute arbitrary co...

10 CVSS · 7.9 AI score · 0.43323 EPSS
Exploits 2 · References 9 · Affected Software 2
Debian CVE
added 2024/01/02 8:2 p.m. · 16 views

CVE-2023-50711

vmm-sys-util is a collection of modules that provides helpers and utilities used by multiple rust-vmm components. Starting in version 0.5.0 and prior to version 0.12.0, an issue in the FamStructWrapper::deserialize implementation provided by the crate for vmm_sys_util::fam::FamStructWrapper can lea...

9.8 CVSS · 9.6 AI score · 0.00652 EPSS
Exploits 0
Positive Technologies
added 2023/12/29 12:0 a.m. · 4 views

PT-2023-8290 · Moxa · Oncell G3150A-Lte Series

Name of the Vulnerable Software and Affected Versions: OnCell G3150A-LTE Series firmware versions prior to v1.3. Description: The issue is related to the transmission of data in an open manner, which could allow a remote attacker to obtain sensitive information. This could be achieved through...

5.3 CVSS · 5 AI score · 0.0024 EPSS
Exploits 0 · References 11
Snyk
added 2023/12/18 9:18 p.m. · 6 views

Authentication Bypass by Capture-replay

Overview: Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established. Note: 1 Sequence numbers...

5.9 CVSS · 7.2 AI score · 0.93305 EPSS
Exploits 4 · References 3
Github Security Blog
added 2023/12/18 7:18 p.m. · 13 views

Zerocopy: Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

7.3 AI score
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/12/18 7:18 p.m. · 4 views

GHSA-RJHF-4MH8-9XJQ Zerocopy: Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

7.3 AI score
Exploits 0 · References 5
Trellix
added 2023/12/18 12:0 a.m. · 7 views

Cybercrooks leveraging anti automation toolkit for phishing campaigns

By Vihar Shah and Rohan Shah · December 18, 2023. Threat actors have a track record of abusing tools hosted on GitHub for malicious purposes. Last year we showed how attackers abused Python’s tarfile module. Trellix Advanced...

6.8 AI score
Exploits 0
Github Security Blog
added 2023/12/15 3:48 a.m. · 9 views

Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound when used with cell::Ref or cell::RefMut

This advisory is also published as RUSTSEC-2023-0074. The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B type...

7.3 AI score
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/12/14 12:0 p.m. · 7 views

RUSTSEC-2023-0074 Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

7.3 AI score
Exploits 0 · References 3
RustSec
added 2023/12/14 12:0 p.m. · 2 views

Some Ref methods are unsound with some type parameters

The Ref methods into_ref, into_mut, into_slice, and into_slice_mut are unsound and may allow safe code to exhibit undefined behavior when used with Ref where B is cell::Ref or cell::RefMut. Note that these methods remain sound when used with B types other than cell::Ref or cell::RefMut. See...

7.3 AI score
Exploits 0 · Affected Software 1
CNVD
added 2023/12/08 12:0 a.m. · 14 views

PrestaShop SQL Injection Vulnerability (CNVD-2023-9749945)

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides a variety of payment methods, short message alerts and product image scaling and other features. PrestaShop suffers from a SQL injection vulnerability that stems from the module havi...

9.8 CVSS · 8 AI score · 0.00766 EPSS
Exploits 0 · References 1
RedHat Linux
added 2023/12/07 12:21 p.m. · 1 views

openssl: Certificate policy check not enabled

A flaw was found in OpenSSL. The X509_VERIFY_PARAM_add0_policy() function is documented to implicitly enable the certificate policy check when doing certificate verification. However, the implementation of the function does not enable the check, allowing certificates with invalid or incorrect policies to pass t...

5.3 CVSS · 6.6 AI score · 0.01629 EPSS
Exploits 0 · References 5
The Hacker News
added 2023/12/06 11:44 a.m. · 30 views

New Report: Unveiling the Threat of Malicious Browser Extensions

Compromising the browser is a high-return target for adversaries. Browser extensions, which are small software modules that are added to the browser and can enhance browsing experiences, have become a popular browser attack vector. This is because they are widely adopted among users and can easil...

7 AI score
Exploits 0
Veracode
added 2023/11/29 7:43 a.m. · 41 views

Denial Of Service (DoS)

org.springframework:spring-web is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of validation for HTTP methods in DefaultServerRequestObservationConvention.java. This allows an attacker to inject specially crafted HTTP requests that may cause Denial of Service. Note tha...

7.5 CVSS · 6.9 AI score · 0.0115 EPSS
Exploits 0 · References 4 · Affected Software 1
GithubExploit
added 2023/11/24 10:30 a.m. · 38 views

Exploit for Unsafe Reflection in Hsqldb Hypersql_Database

Research into CVE-2022-41853: Using static functions to obtain...

9.8 CVSS · 8.8 AI score · 0.03519 EPSS
Exploits 1
OSV
added 2023/11/23 1:15 p.m. · 2 views

CVE-2023-4594

Stored XSS vulnerability. This vulnerability could allow an attacker to store a malicious JavaScript payload via GET and POST methods on multiple parameters in the MailAdmindll.htm file...

5.4 CVSS · 5.8 AI score · 0.00388 EPSS
Exploits 0 · References 1
Prion
added 2023/11/22 10:15 a.m. · 16 views

Design/Logic Flaw

Missing access permissions checks in the M-Files server before 23.11.13156.0 allow attackers to perform data write and export jobs using the M-Files API methods...

5 CVSS · 7.2 AI score · 0.00511 EPSS
Exploits 0 · References 1 · Affected Software 1