5576 matches found
CVE-2023-48381
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a special URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access and modify...
CVE-2023-48382
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...
CVE-2023-48382 Softnext Mail SQR Expert - Local File Inclusion-2
Softnext Mail SQR Expert is an email management platform, it has a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary PHP file with .asp file extension under specific system paths, to access...
CVE-2023-48374
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
CVE-2023-48374
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
Information disclosure
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
CVE-2023-48374
The CVE-2023-48374 entry pertains to SmartStar Software CWS, a web-based integration platform. The vulnerability is described as using a hard-coded credential for a specific low-privilege account, enabling an unauthenticated remote attacker to run partial processes and view partial information. T...
CVE-2023-48374 SmartStar Software CWS Web-Base - Use of Hard-coded Credentials
SmartStar Software CWS is a web-base integration platform, it has a vulnerability of using a hard-coded for a specific account with low privilege. An unauthenticated remote attacker can exploit this vulnerability to run partial processes and obtain partial information, but can't disrupt service o...
PT-2023-30801 · Unknown · Smartstar Software Cws
Name of the Vulnerable Software and Affected Versions: SmartStar Software CWS affected versions not specified Description: The issue is related to the use of a hard-coded account with low privilege in SmartStar Software CWS, a web-based integration platform. An unauthenticated remote attacker can...
PT-2023-30809 · Softnext · Softnext Mail Sqr Expert
Name of the Vulnerable Software and Affected Versions: Softnext Mail SQR Expert affected versions not specified Description: The issue is related to a Local File Inclusion LFI vulnerability in a mail deliver-related URL. An unauthenticated remote attacker can exploit this vulnerability to execute...
PT-2023-30814 · Kaifa Technology · Webitr
Name of the Vulnerable Software and Affected Versions: Kaifa Technology WebITR affected versions not specified Description: The issue concerns Kaifa Technology WebITR, an online attendance system. A remote attacker with regular user privileges can obtain partial sensitive system information from ...
CVE-2022-48615
An improper access control vulnerability exists in a Huawei datacom product. Attackers can exploit this vulnerability to obtain partial device information...
PT-2023-9584 · Oracle · Virtualbox
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox versions prior to 7.0.22 Description: The issue is related to errors in resource release due to insufficient input validation in the Core component of Oracle VM VirtualBox. Exploitation of this issue can allow an attacker...
PT-2023-9571
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u421, 8u421-perf, 11.0.24, 17.0.12, 21.0.4, 23 Oracle GraalVM for JDK versions 17.0.12, 21.0.4, 23 Oracle GraalVM Enterprise Edition versions 20.3.15, 21.3.11 Description The issue is related to the Serialization...
PT-2023-9650 · Oracle · Oracle Database Server
Name of the Vulnerable Software and Affected Versions: Oracle Database Server versions 19.3 through 19.23 Oracle Database Server versions 21.3 through 21.14 Oracle Database Server version 23.4 Description: The issue is related to the Java VM component of Oracle Database Server, where an incorrect...
GHSA-GXHX-G4FQ-49HJ CarrierWave Content-Type allowlist bypass vulnerability, possibly leading to XSS
Impact CarrierWave::Uploader::ContentTypeAllowlist has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the contenttype argument of allowlistedcontenttype? is...
CVE-2023-49090
CarrierWave is a solution for file uploads for Rails, Sinatra and other Ruby web frameworks. CarrierWave has a Content-Type allowlist bypass vulnerability, possibly leading to XSS. The validation in allowlistedcontenttype? determines Content-Type permissions by performing a partial match. If the...
OESA-2023-1848 openjdk-11 security update
The OpenJDK runtime environment. Security Fixes: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u381, 8u381-perf, 11.0.20, 17.0.8, 21; Oracle GraalV...
SUSE SLES12 Security Update : java-1_8_0-openjdk (SUSE-SU-2023:4507-1)
The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4507-1 advisory. - The TLS protocol 1.2 and earlier, when a DHEEXPORT ciphersuite is enabled on a server but not on a client, does not properly conv...
CVE-2023-23549
CVE-2023-23549 affects Checkmk installations running <2.2.0p15, <2.1.0p37, or