Lucene search

6341 matches found

CVE
added 2023/03/20 8:19 a.m. · 68 views

CVE-2023-1248

CVE-2023-1248 – Affected software and fix guidance: The vulnerability is an improper input validation flaw in OTRS/OTRS Community Edition’s Ticket Actions modules that enables Cross-Site Scripting (XSS). Affected products include OTRS 7.0.X (before 7.0.42) and OTRS Community Edition 6.0.1–6.0.34...

6.1 CVSS · 6.1 AI score · 0.00431 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2023/03/20 12:0 a.m. · 4 views

OTRS Code Injection Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS AG OTRS ACL modules, OTRS AG OTRS Community Edition ACL modules, which originates from improper input validation. An attacker could use this vulnerability to locally execute arbitrary...

7.8 CVSS · 5.9 AI score · 0.00295 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/03/18 12:0 a.m. · 3 views

PT-2023-17018 · Sourcecodester · Sourcecodester Monitoring Of Students Cyber Accounts System

Name of the Vulnerable Software and Affected Versions: SourceCodester Monitoring of Students Cyber Accounts System version 1.0 Description: A problematic issue has been found in the system, affecting some unknown functionality of the file modules/balance/index.php, specifically the POST Parameter...

6.1 CVSS · 4.1 AI score · 0.00559 EPSS
Exploits 1 · References 4
CNNVD
added 2023/03/18 12:0 a.m. · 3 views

SourceCodester Monitoring of Students Cyber Accounts System Cross-Site Scripting Vulnerability

Monitoring of Students Cyber Accounts System is a Monitoring of Students Cyber Accounts System by Chris Jim Egot Individual Developer. A cross-site scripting vulnerability exists in SourceCodester Monitoring of Students Cyber Accounts System version 1.0, which stems from an issue with the file...

6.1 CVSS · 4.1 AI score · 0.00559 EPSS
Exploits 1 · References 4
OSV
added 2023/03/15 1:15 p.m. · 4 views

CVE-2022-45155

An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...

5.5 CVSS · 5.8 AI score · 0.00206 EPSS
Exploits 1 · References 1
CNNVD
added 2023/03/15 12:0 a.m. · 4 views

openSUSE Security Vulnerability

openSUSE is a suite of Linux-based free operating systems and open source community projects from the German company SUSE. A security vulnerability exists in SUSE openSUSE Factory obs-service-gomodules versions prior to 0.6.1, which stems from a vulnerability that allows an attacker to delete fil...

5.5 CVSS · 5.7 AI score · 0.00206 EPSS
Exploits 1 · References 2
RedhatCVE
added 2023/03/13 6:13 p.m. · 46 views

CVE-2022-2503

A flaw was found in the Linux kernel. Dm-verity is used for extending root-of-trust to root filesystems. LoadPin builds on this property to restrict module and firmware loads to just the trusted root filesystem. Device-mapper table reloads currently allow users with root privileges to switch out...

6.9 CVSS · 2.7 AI score · 0.0035 EPSS
Exploits 1 · References 4
FreeBSD
added 2023/03/10 12:0 a.m. · 40 views

traefik -- Use of vulnerable Go modules net/http, net/textproto

The Go project reports: HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME headers to allocate substantially...

7.5 CVSS · 8.4 AI score · 0.01888 EPSS
Exploits 0 · References 2
Veracode
added 2023/03/09 1:14 p.m. · 18 views

Improper Access Control

vantage6server is vulnerable to Improper Access Control. A remote attacker is able to bypass permissions and access unauthorized modules because assigning existing users to a different organization is not restricted...

6.5 CVSS · 6.2 AI score · 0.00375 EPSS
Exploits 0 · References 4 · Affected Software 1
Talos Blog
added 2023/03/09 1:2 p.m. · 90 views

Prometei botnet improves modules and exhibits new capabilities in recent updates

Prometei botnet continued its activity since Cisco Talos first reported about it in 2020. Since November 2022, we have observed Prometei improving the infrastructure components and capabilities. More specifically, the botnet operators updated certain submodules of the execution chain to automate...

10 CVSS · 10.4 AI score · 0.99999 EPSS
Exploits 123
OSV
added 2023/03/09 12:9 a.m. · 42 views

GHSA-XM67-587Q-R2VW wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64

Impact: Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one...

3.1 CVSS · 4.6 AI score · 0.00624 EPSS
Exploits 0 · References 8
OpenVAS
added 2023/03/08 12:0 a.m. · 19 views

Debian: Security Advisory (DLA-97-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

5 CVSS · 7.8 AI score · 0.06564 EPSS
Exploits 2 · References 2
OpenVAS
added 2023/03/08 12:0 a.m. · 26 views

Debian: Security Advisory (DSA-2015-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.7 AI score
Exploits 0 · References 3
CNNVD
added 2023/03/05 12:0 a.m. · 2 views

iGamingModules flashgames SQL Injection Vulnerability

Flashgames is an open source Xoops module from iGaming Modules. It is used to support Flash game applications. A SQL injection vulnerability exists in iGamingModules flashgames version 1.1.0, which stems from the fact that manipulation of the parameter lid can lead to SQL injection...

9.8 CVSS · 7 AI score · 0.00659 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/03/05 12:0 a.m. · 5 views

PT-2023-9864 · Unknown · Igamingmodules Flashgames

Name of the Vulnerable Software and Affected Versions: iGamingModules flashgames version 1.1.0 Description: A critical issue was found in the software. It affects an unknown function of the file game.php. The manipulation of the lid argument leads to SQL injection. This issue can be exploited...

9.8 CVSS · 7.8 AI score · 0.00659 EPSS
Exploits 0 · References 6
SUSE CVE
added 2023/03/04 3:33 a.m. · 6 views

SUSE CVE-2022-45155

An Improper Handling of Exceptional Conditions vulnerability in obs-service-gomodules of openSUSE Factory allows attackers that can influence the call to the service to delete files and directories on the system of the victim. This issue affects: SUSE openSUSE Factory obs-service-gomodules versio...

5.5 CVSS · 6.8 AI score · 0.00206 EPSS
Exploits 1 · References 3
ATTACKERKB
added 2023/03/01 8:15 a.m. · 4 views

CVE-2021-3855

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...

8.8 CVSS · 7.3 AI score · 0.01819 EPSS
Exploits 0 · References 4 · Affected Software 1
OSV
added 2023/03/01 8:15 a.m. · 1 views

CVE-2021-3855

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...

8.8 CVSS · 5.8 AI score · 0.01819 EPSS
Exploits 0 · References 2
Prion
added 2023/03/01 8:15 a.m. · 19 views

Command injection

Improper Neutralization of Special Elements used in a Command 'Command Injection' vulnerability in Liman Central Management System Liman MYS HTTP/Controllers, CronMail, Jobs modules allows Command Injection. This issue affects Liman Central Management System: from 1.7.0 before 1.8.3-462...

6.5 CVSS · 8.7 AI score · 0.01819 EPSS
Exploits 0 · References 2 · Affected Software 1
Gitee
added 2023/02/28 3:51 p.m. · 5 views

Penetration Testing Dictionary

This repository is an offensive tool for Bug Bounty research and exploitation. The primary CVE ID is not explicitly mentioned, but it appears to be a collection of exploits and techniques for various vulnerabilities. The repository contains a wide range of exploits and techniques, including: 1...

6.9 AI score
Exploits 0