PT-2023-2337 · Unknown · Rg-Ew1200G Pro Wireless Routers +2
Name of the Vulnerable Software and Affected Versions: RG-EW1200G PRO Wireless Routers version EW 3.01B11P204 RG-EW1800GX PRO Wireless Routers version EW 3.01B11P204 RG-EW3200GX PRO Wireless Routers version EW 3.01B11P204 Description: The issue is related to the lack of input data sanitization in...
PT-2023-21056 · Git +1 · Opencats
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: Improper neutralization of input during web page generation allows an authenticated attacker with access to a restricted account to submit malicious...
PT-2023-18863 · Unknown · Art Gallery Management System Project
Name of the Vulnerable Software and Affected Versions: Art Gallery Management System Project in PHP version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the pid parameter in the single-product page. Recommendations: For Art Galler...
PT-2023-3640 · Sage · Sage X3
Name of the Vulnerable Software and Affected Versions: Sage X3 version 12.14.0.50-0 Description: The issue is related to Cross-Site Scripting (XSS) in the Sage X3 Web application. Some parts of the application are dynamically built using user inputs, but these inputs are not verified or filtered,...
PT-2023-5683 · Avast · Avast Premium Security
Name of the Vulnerable Software and Affected Versions: Avast Premium Security affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. The flaw exists within the implementation of the sandbox feature due to incorrect...
CVE-2021-32854
textAngular is a text editor for Angular.js. Versions 1.5.16 and prior are vulnerable to copy-paste cross-site scripting (XSS). For this particular type of XSS, the victim needs to be fooled into copying a malicious payload into the text editor. There are no known patches...
CVE-2021-32857 Cockpit vulnerable to Cross-site Scripting
Cockpit is a content management system that allows addition of content management functionality to any site. In versions 0.12.2 and prior, bad HTML sanitization in htmleditor.js may lead to cross-site scripting (XSS) issues. There are no known patches for this issue...
PT-2023-16617 · Sourcecodester · Sourcecodester Auto Dealer Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Auto Dealer Management System version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /adms/admin/?page=user/manage_user. The manipulation of the id argument leads to SQL...
PT-2023-1545 · Fortinet · Fortiwan
Name of the Vulnerable Software and Affected Versions: FortiWAN versions 4.0.0 through 4.5.9 Description: The issue is related to an improper neutralization of special elements used in an OS command, which may allow an authenticated attacker to execute unauthorized commands via specifically craft...
PT-2023-9310 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: GPAC version 2.3-DEV-rev40-g3602a5ded Description: A critical issue has been found in the mp3_dmx_process function of the file filters/reframe_mp3.c, which leads to a heap-based buffer overflow. The attack may be initiated remotely...
PT-2023-16449 · Sourcecodester · Sourcecodester Canteen Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Canteen Management System version 1.0 Description: A critical issue affects some unknown functionality of the file removeUser.php. The manipulation of the id argument leads to SQL injection. The attack can be launched remotely,...
Warning: Hackers Actively Exploiting Zero-Day in Fortra's GoAnywhere MFT
A zero-day vulnerability affecting Fortra's GoAnywhere MFT managed file transfer application is being actively exploited in the wild. Details of the flaw were first publicly shared by security reporter Brian Krebs on Mastodon. No public advisory has been published by Fortra. The vulnerability is ...
PT-2023-16415 · Trendnet · Trendnet Tew-811Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-811DRU version 1.0.10.0 Description: A critical vulnerability has been found in the Web Interface component, allowing for command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and m...
PT-2023-2975 · Faronics · Faronics Insight
Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045 Description: An issue in Faronics Insight allows an unauthenticated attacker to upload any type of file to any location on the Teacher Console's computer. This enables various exploitation paths, including...
PT-2023-14640 · Eq · Eq
Name of the Vulnerable Software and Affected Versions: EQ versions 1.5.31 through 2.2.0 Description: The issue is a SQL injection vulnerability that can be exploited via the UserPwd parameter. This allows for potential unauthorized access to sensitive data. Recommendations: For EQ versions 1.5.31...
PT-2023-13944 · Siretta · Siretta Quartz-Gold
Name of the Vulnerable Software and Affected Versions: Siretta QUARTZ-GOLD version G5.0.1.5-210720-141020 Description: The issue concerns stack-based buffer overflow vulnerabilities in the DetranCLI command parsing functionality. A specially-crafted network packet can lead to arbitrary command...
PT-2023-12672 · Smartctl · Smartctl
Name of the Vulnerable Software and Affected Versions: smartctl, all versions Description: The issue is related to Command Injection via the info method due to improper input sanitization. This allows for potential exploitation. No information is provided about the estimated number of potentially...
PT-2023-10554 · Unknown · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub. Specially crafted commands sent through the PubNub service can cause a...
PT-2023-10551 · Unknown +1 · Insteon Hub +1
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel. Specially crafted commands sent through the PubNub service can cause a stack-based buffer...
PT-2023-10579 · Unknown · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub. Specially crafted commands sent through the PubNub service can cause a...