PT-2023-25224 · Gz Scripts · Gz Forum Script
Name of the Vulnerable Software and Affected Versions: GZ Scripts GZ Forum Script version 1.8 Description: A vulnerability was found in the file /preview.php, where manipulation of the arguments catid, topicid, topic, topic_message, or free_name leads to cross-site scripting. The attack may b...
PT-2023-3896 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369_B20220309 Description: The issue is a command injection vulnerability via the hostname parameter in the setOpModeCfg function. This vulnerability is associated with a lack of input data...
is_js vulnerable to Regular Expression Denial of Service
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...
PT-2023-11605 · Duxcms · Duxcms
Name of the Vulnerable Software and Affected Versions: DuxCMS version 2.1 Description: A directory traversal issue allows attackers to delete arbitrary files via the /admin/AdminBackup/del API endpoint. This enables attackers to potentially disrupt system functionality or destroy sensitive data...
PT-2023-9687 · Node.Js · Node.Js
Name of the Vulnerable Software and Affected Versions: Node.js version 20 Description: A flaw in the experimental permission model of Node.js version 20 allows malicious actors to retrieve stats from files they do not have explicit read access to when the --allow-fs-read flag is used with a non-...
PT-2023-18600 · Suse · Suse Manager Server Module +1
Name of the Vulnerable Software and Affected Versions: SUSE Manager Server Module 4.2 versions prior to 4.2.50-150300.3.66.5; SUSE Manager Server Module 4.3 versions prior to 4.3.58-150400.3.46.4; NeuVector, affected versions not specified Description: A user can reverse engineer the JSON Web Token...
PT-2023-11560 · Taogogo · Taocms
Name of the Vulnerable Software and Affected Versions: taogogo taoCMS version 2.5 beta5.1 Description: The issue allows a remote attacker to execute arbitrary code via the name field in "admin.php". This is a cross-site scripting (XSS) vulnerability. Recommendations: For version 2.5 beta5.1, as a...
PT-2023-11592 · Feehicms · Feehicms
Name of the Vulnerable Software and Affected Versions: Feehicms version 2.0.8 Description: The issue allows a remote attacker to execute arbitrary code via the "/admin/index.php?r=admin-user%2Fupdate-self" component. This is a file upload vulnerability, which can be exploited by a remote attacker...
PT-2023-24168 · Minical · Minical
Name of the Vulnerable Software and Affected Versions: miniCal version 1.0.0 Description: A critical issue affects the processing of the file /booking/show_bookings/. Manipulation of the search query argument leads to SQL injection. The attack may be initiated remotely. The exploit has been...
PT-2023-19247 · Solarwinds · Solarwinds Serv-U
Name of the Vulnerable Software and Affected Versions: SolarWinds Serv-U, affected versions not specified Description: The issue concerns SolarWinds Serv-U submitting an HTTP request when changing or updating attributes for File Share or File Request, where part of the URL of the request discloses...
PT-2023-24794 · Pulse Secure · Pulse Secure Client
Name of the Vulnerable Software and Affected Versions: Pulse Secure Client, affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations of Pulse Secure Client. An attacker must first obtain the ability to execute low-privileged co...
PT-2023-25000 · Bloofox · Bloofox
Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2.1 Description: The issue is a SQL injection vulnerability. It can be exploited via the pid parameter at the "admin/index.php?mode=settings&page=plugins&action=edit" endpoint. Recommendations: F...
PT-2023-23326 · Systemd +1 · Systemd +1
Name of the Vulnerable Software and Affected Versions: systemd version 253 Description: An issue was discovered where an attacker can truncate a sealed log file and then resume log sealing, allowing modifications to go undetected despite integrity checks showing no error. Recommendations: For...
PT-2023-22400 · Unknown · Facemoji Emoji Keyboard
Name of the Vulnerable Software and Affected Versions: Facemoji Emoji Keyboard version 2.9.1.2 Description: The issue allows unauthorized apps to cause escalation of privilege attacks by manipulating a component. Recommendations: For Facemoji Emoji Keyboard version 2.9.1.2, consider restricting...
PT-2023-3470 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified Description: The issue is a use-after-free flaw in the Netfilter subsystem of the Linux kernel when processing named and anonymous sets in batch requests. This can lead to performing...
PT-2023-22377 · Unknown · Bt21 X Bts Wallpaper
Name of the Vulnerable Software and Affected Versions: BT21 x BTS Wallpaper app version 12 for Android Description: The issue allows unauthorized applications to request permission to insert data into the database that records user personal preferences. This data is loaded into memory when the...
PT-2023-22799 · Sourcecodester · Sourcecodester Online Exam Form Submission
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Exam Form Submission version 1.0 Description: A critical issue was found in the file /admin/update_s6.php, where manipulation of the id argument leads to SQL injection. This issue can be exploited remotely...
PT-2023-22816 · Code Projects · Agro-School Management System
Name of the Vulnerable Software and Affected Versions: code-projects Agro-School Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file index.php. Manipulation of the password argument leads to SQL injection, allowing for...
PT-2023-24412 · H3C · H3C Magic R300
Name of the Vulnerable Software and Affected Versions: H3C Magic R300 version R300-2100MV100R004 Description: A stack overflow issue was discovered via the UpdateSnat interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R300 device. Recommendations: For H3C Magic R300...
PT-2023-3739 · Advantech · Advantech Webaccess
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess version 8.4.5 Description: The issue is insufficient validation of authentication data in the software. An attacker could exploit this by tricking an authenticated user into loading a maliciously crafted .zip file,...