4506 matches found

Positive Technologies
added 2023/08/08 12:0 a.m. · 2 views

PT-2023-4385 · Microsoft · Windows Smart Card Resource Management Server +1

Name of the Vulnerable Software and Affected Versions: Windows Smart Card Resource Management Server affected versions not specified Description: The issue is related to a lack of protection for service data, which can be exploited to reveal protected information. It allows attackers to affect th...

CVSS 5.5 · AI score 6 · EPSS 0.00589
Exploits: 0 · References: 8

Positive Technologies
added 2023/08/08 12:0 a.m. · 4 views

PT-2023-26323 · Microsoft · Azure Arc-Enabled Servers

Name of the Vulnerable Software and Affected Versions: Azure Arc-Enabled Servers affected versions not specified Description: The issue is related to an elevation of privilege vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or...

CVSS 7 · AI score 9.4 · EPSS 0.004
Exploits: 0 · References: 6

Positive Technologies
added 2023/08/03 12:0 a.m. · 3 views

PT-2023-27845 · Phpjabbers · Php Jabbers Rental Property Booking

Name of the Vulnerable Software and Affected Versions: PHP Jabbers Rental Property Booking version 2.0 Description: A problematic issue has been found in the software, affecting some unknown functionality of the file /index.php. The manipulation of the index argument leads to cross-site scripting...

CVSS 6.1 · AI score 6.7 · EPSS 0.01535
Exploits: 4 · References: 10

Positive Technologies
added 2023/08/03 12:0 a.m. · 2 views

PT-2023-27824 · Phpjabbers · Phpjabbers Cleaning Business

Name of the Vulnerable Software and Affected Versions: PHP Jabbers Cleaning Business version 1.0 Description: A problematic vulnerability has been found in the software. The issue is related to an unknown function of the file /index.php, where the manipulation of the index argument leads to...

CVSS 6.1 · AI score 6.6 · EPSS 0.05177
Exploits: 4 · References: 9

Positive Technologies
added 2023/07/27 12:0 a.m. · 3 views

PT-2023-24470 · Teleadapt · Teleadapt Roomcast Ta-2400

Name of the Vulnerable Software and Affected Versions: TeleAdapt RoomCast TA-2400 versions 1.0 through 3.1 Description: The issue concerns Improper Privilege Management. After establishing an adb connection, accessing the shell and entering the su command provides root access without requiring a...

CVSS 9.8 · AI score 7.3 · EPSS 0.00828
Exploits: 0 · References: 3

Positive Technologies
added 2023/07/25 12:0 a.m. · 3 views

PT-2023-36317 · Trove · Trove

Name of the Vulnerable Software and Affected Versions: Trove affected versions not specified Description: The issue is related to the incorrect handling of arguments to the backup command by Trove. A remote attacker could possibly use this issue to execute arbitrary code. Recommendations: At the...

AI score 7.9
Exploits: 0 · References: 3

Positive Technologies
added 2023/07/25 12:0 a.m. · 5 views

PT-2023-26794 · Gnu +3 · Gdb +3

Name of the Vulnerable Software and Affected Versions: GNU gdb GDB version 13.0.50.20220805-git Description: A stack overflow issue was discovered in the function ada decode at /gdb/ada-lang.c. This issue affects the GNU gdb GDB debugger. Recommendations: For GNU gdb GDB version...

CVSS 6.5 · AI score 5.8 · EPSS 0.00895
Exploits: 2 · References: 29

Positive Technologies
added 2023/07/23 12:0 a.m. · 3 views

PT-2023-26410 · Nxfilter · Nxfilter

Name of the Vulnerable Software and Affected Versions: NxFilter version 4.3.2.5 Description: A vulnerability has been found in NxFilter, affecting unknown code of the file user.jsp, leading to cross-site request forgery. The attack can be initiated remotely. The vendor was contacted early about...

CVSS 8.8 · AI score 8.7 · EPSS 0.00243
Exploits: 0 · References: 5

Positive Technologies
added 2023/07/23 12:0 a.m. · 3 views

PT-2023-26447 · Unknown · Moosocial Moodating

Name of the Vulnerable Software and Affected Versions: mooSocial mooDating version 1.2 Description: A problematic vulnerability has been found in the URL Handler component, affecting an unknown part of the file /pages. The manipulation leads to cross site scripting and can be initiated remotely...

CVSS 6.1 · AI score 6.3 · EPSS 0.03648
Exploits: 4 · References: 6

Positive Technologies
added 2023/07/21 12:0 a.m. · 10 views

PT-2023-26321 · Unknown · Y Project Ruoyi

Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.7.7 Description: A vulnerability has been found in the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be...

CVSS 6.1 · AI score 6.3 · EPSS 0.00513
Exploits: 1 · References: 10

Positive Technologies
added 2023/07/14 12:0 a.m. · 4 views

PT-2023-26082 · Tenda · Tenda Fh1202

Name of the Vulnerable Software and Affected Versions: Tenda F1202 version V1.0BR V1.2.0.20408 Tenda FH1202 version V1.2.0.19 EN Description: A stack overflow was discovered in the page parameter in the fromSafeMacFilter function. This issue affects the specified versions of Tenda F1202 and FH120...

CVSS 9.8 · AI score 9.4 · EPSS 0.00776
Exploits: 1 · References: 5

Positive Technologies
added 2023/07/13 12:0 a.m. · 3 views

PT-2023-26291 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a maliciou...

CVSS 7.8 · AI score 7.5 · EPSS 0.00345
Exploits: 0 · References: 3

Positive Technologies
added 2023/07/13 12:0 a.m. · 1 view

PT-2023-3681

Name of the Vulnerable Software and Affected Versions: vm2 versions up to and including 3.9.19 Description: The issue in vm2 allows attackers to escape the sandbox and run arbitrary code, potentially resulting in Remote Code Execution. This is possible due to the Node.js custom inspect function...

CVSS 10 · AI score 7.5 · EPSS 0.03301
Exploits: 1 · References: 19

Positive Technologies
added 2023/07/12 12:0 a.m. · 3 views

PT-2023-18032 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to the ShortcutInfo.java file, where an uncaught exception can allow an app to retain notification listening access. This could lead to local escalation of privilege...

CVSS 3.3 · AI score 6.8 · EPSS 0.00163
Exploits: 0 · References: 3

Positive Technologies
added 2023/07/11 12:0 a.m. · 2 views

PT-2023-3858 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access restrictions in the Connected User Experiences and Telemetry services of Windows operating systems. It allows an attacker to launch processes wit...

CVSS 7.8 · AI score 9.2 · EPSS 0.00513
Exploits: 0 · References: 6

Positive Technologies
added 2023/07/10 12:0 a.m. · 3 views

PT-2023-5381 · D Link · D-Link Dwl-6610Ap

Name of the Vulnerable Software and Affected Versions: D-LINK DWL-6610 version 4.3.0.8B003C Description: The issue is related to a command injection vulnerability in the config upload handler function. This vulnerability allows attackers to execute arbitrary commands via the configRestore...

CVSS 9.8 · AI score 8.4 · EPSS 0.0231
Exploits: 1 · References: 7

Positive Technologies
added 2023/07/10 12:0 a.m. · 3 views

PT-2023-25419 · Kodbox · Kodbox

Name of the Vulnerable Software and Affected Versions: kodbox version 1.26 Description: A critical issue affects the function Execute of the file webconsole.php.txt in the WebConsole Plug-In component, leading to os command injection. The exploit has been disclosed publicly and may be used. The...

CVSS 8 · AI score 7.5 · EPSS 0.05927
Exploits: 1 · References: 7

Positive Technologies
added 2023/07/08 12:0 a.m. · 2 views

PT-2023-25224 · Gz Scripts · Gz Forum Script

Name of the Vulnerable Software and Affected Versions: GZ Scripts GZ Forum Script version 1.8 Description: A vulnerability was found in the file /preview.php, where the manipulation of the arguments catid, topicid, topic, topic message, or free name leads to cross site scripting. The attack may b...

CVSS 6.1 · AI score 4.1 · EPSS 0.00415
Exploits: 0 · References: 5

Positive Technologies
added 2023/07/07 12:0 a.m. · 5 views

PT-2023-3896 · Totolink · Totolink Lr350

Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is related to a command injection vulnerability via the hostname parameter in the setOpModeCfg function. This vulnerability is associated with a lack of input data...

CVSS 9.8 · AI score 9.6 · EPSS 0.01674
Exploits: 1 · References: 7

GitHub Security Blog
added 2023/07/06 7:24 p.m. · 55 views

is_js vulnerable to Regular Expression Denial of Service

is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...

CVSS 7.5 · AI score 6.8 · EPSS 0.00866
Exploits: 1 · References: 4 · Affected Software: 1