
352 matches found

Positive Technologies
added 2024/02/05 12:0 a.m. · 1 views

PT-2024-19644 · Symphony +1 · Symphony +1

Name of the Vulnerable Software and Affected Versions: symphony versions 3.6.3 and earlier Description: An issue in the software allows a remote attacker to execute arbitrary code via the log4j component. Recommendations: For versions 3.6.3 and earlier, consider disabling the log4j component unti...

9.8 CVSS · 9.6 AI score · 0.03752 EPSS
Exploits 1 · References 7

Positive Technologies
added 2024/01/30 12:0 a.m. · 1 views

PT-2024-20362 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version V17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the enable parameter in the setPortForwardRules function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R...

9.8 CVSS · 9.6 AI score · 0.83293 EPSS
Exploits 1 · References 6

Positive Technologies
added 2024/01/26 12:0 a.m. · 1 views

PT-2024-20147 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting (XSS) issue has been reported due to insufficient encoding of user-controlled inputs. This can be exploited via the /cupseasylive/grnprint.php endpoint, specifically...

8.2 CVSS · 6.2 AI score · 0.00051 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/01/21 12:0 a.m. · 0 views

PT-2024-15807 · Nsasoft · Nsasoft Product Key Explorer

Name of the Vulnerable Software and Affected Versions: Nsasoft Product Key Explorer version 4.0.9 Description: A vulnerability has been found in the component Registration Handler of Nsasoft Product Key Explorer. The manipulation of the argument Name/Key leads to memory corruption. An attack has ...

5.5 CVSS · 5.6 AI score · 0.00029 EPSS
Exploits 1 · References 8

Positive Technologies
added 2024/01/17 12:0 a.m. · 1 views

PT-2024-15719 · Phpgurukul · Phpgurukul Company Visitor Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Company Visitor Management System version 1.0 Description: A vulnerability was found in the PHPGurukul Company Visitor Management System, affecting some unknown functionality of the file search-visitor.php. The manipulation leads t...

4.8 CVSS · 6.7 AI score · 0.00146 EPSS
Exploits 1 · References 7

Positive Technologies
added 2024/01/13 12:0 a.m. · 2 views

PT-2024-14044 · Qstar · Qstar Archive Solutions

Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions Release RELEASE 3-0 Build 7 Patch 0 Description: The issue is related to incorrect access control, allowing unauthenticated attackers to obtain system backups and other sensitive information from the QStar Server...

7.5 CVSS · 6.3 AI score · 0.00579 EPSS
Exploits 1 · References 4

Positive Technologies
added 2024/01/12 12:0 a.m. · 2 views

PT-2024-14042 · Qstar · Qstar Archive Solutions

Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0 Description: A DOM Based Reflected Cross Site Scripting (XSS) issue was found in the qnme-ajax component, specifically in the method=tree level endpoint. This allows for potential...

8.8 CVSS · 6.7 AI score · 0.00114 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/12/29 12:0 a.m. · 1 views

PT-2023-28112 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 774 Description: The issue affects Pandora FMS, allowing Cross-Site Scripting (XSS) due to improper neutralization of input during web page generation. Malicious code could be executed in the File Manager sectio...

7.5 CVSS · 6.3 AI score · 0.00135 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/12/25 12:0 a.m. · 2 views

PT-2023-20977 · Opencrx · Opencrx

Name of the Vulnerable Software and Affected Versions: openCRX version 5.2.0 Description: The issue is related to an HTML injection vulnerability in the Search Criteria-Activity Number within the Saved Search Activity. This vulnerability can be exploited via the Name, Description, or Activity...

6.1 CVSS · 6.2 AI score · 0.00219 EPSS
Exploits 1 · References 7

Positive Technologies
added 2023/12/22 12:0 a.m. · 2 views

PT-2023-32856 · Unknown · Phpgurukul Online Notes Sharing System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Notes Sharing System version 1.0 Description: A problematic vulnerability has been found in the Contact Information Handler component of the PHPGurukul Online Notes Sharing System. The issue is related to the manipulation of...

5.4 CVSS · 4.8 AI score · 0.00082 EPSS
Exploits 1 · References 6

Positive Technologies
added 2023/10/27 12:0 a.m. · 1 views

PT-2023-30005 · FFmpeg · Ffmpeg

Name of the Vulnerable Software and Affected Versions: FFmpeg versions prior to commit bf814 Description: The issue is related to an out of bounds read via the dist-alphabet size variable in the read vlc prefix function. Recommendations: For versions prior to commit bf814, consider applying a pat...

5.5 CVSS · 5.2 AI score · 0.00026 EPSS
Exploits 0 · References 14

Positive Technologies
added 2023/10/25 12:0 a.m. · 3 views

PT-2023-30076 · Totolink · Totolink X2000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X2000R Gh version 1.0.0-B20230221.0948.web Description: A stack overflow issue was discovered in the function formStats. Recommendations: For version 1.0.0-B20230221.0948.web, as a temporary workaround, consider disabling the formSta...

9.8 CVSS · 9.6 AI score · 0.00221 EPSS
Exploits 1 · References 3

Positive Technologies
added 2023/10/19 12:0 a.m. · 1 views

PT-2023-29060 · Unknown · Dm Concept Configurator

Name of the Vulnerable Software and Affected Versions: DM Concept configurator versions prior to 4.9.4 Description: The issue is related to a SQL injection vulnerability via the component ConfiguratorAttachment::getAttachmentByToken. Recommendations: For versions prior to 4.9.4, update to version...

9.8 CVSS · 9.6 AI score · 0.00138 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/10/16 12:0 a.m. · 2 views

PT-2023-6237 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX, and Windows includes Db2 Connect Server version 11.5 Description: The issue is related to errors in processing input data, which can be exploited by a remote attacker to cause a denial of service with a specially...

7.5 CVSS · 7.4 AI score · 0.00048 EPSS
Exploits 0 · References 11

Positive Technologies
added 2023/09/14 12:0 a.m. · 2 views

PT-2023-27634 · Icewarp · Icewarp Mail Server Deep Castle 2

Name of the Vulnerable Software and Affected Versions: IceWarp Mail Server Deep Castle 2 version 13.0.1.2 Description: An issue in IceWarp Mail Server Deep Castle 2 allows a remote attacker to execute arbitrary code via a crafted request to the URL. Recommendations: For IceWarp Mail Server Deep...

6.1 CVSS · 6.7 AI score · 0.34134 EPSS
Exploits 0 · References 5

Positive Technologies
added 2023/08/25 12:0 a.m. · 1 views

PT-2023-27640 · Phicomm · Phicomm K2

Name of the Vulnerable Software and Affected Versions: Phicomm k2 version 22.6.529.216 Description: The Phicomm k2 router contains a command injection vulnerability via the luci.sys.call function. This issue allows for remote command execution. Recommendations: For Phicomm k2 version 22.6.529.216...

7.8 CVSS · 8 AI score · 0.00127 EPSS
Exploits 0 · References 7

Positive Technologies
added 2023/08/11 12:0 a.m. · 1 views

PT-2023-4762 · Vim +1 · Vim +1

Name of the Vulnerable Software and Affected Versions: vim version 8.2.2348 Description: The issue is related to a null pointer dereference in the ex buffer all method, which allows local attackers to cause a denial of service (DoS). Recommendations: For vim version 8.2.2348, consider disabling the...

10 CVSS · 6 AI score · 0.00022 EPSS
Exploits 1 · References 10

Positive Technologies
added 2023/08/10 12:0 a.m. · 1 views

PT-2023-22882 · Samsung · Samsung Telecom

Name of the Vulnerable Software and Affected Versions: Samsung Telecom versions prior to SMR Aug-2023 Release 1 Description: The issue is related to improper access control, allowing local attackers to call the "acceptRingingCall" API without permission. Recommendations: For versions prior to SMR...

4.3 CVSS · 3.8 AI score · 0.00044 EPSS
Exploits 0 · References 4

Positive Technologies
added 2023/07/28 12:0 a.m. · 1 views

PT-2023-26736 · Duke · Duke

Name of the Vulnerable Software and Affected Versions: Duke versions 1.2 and below Description: The issue is related to a code injection vulnerability via the component no.priv.garshol.duke.server.CommonJTimer.init. Recommendations: For Duke versions 1.2 and below, consider disabling the...

9.8 CVSS · 9.4 AI score · 0.00133 EPSS
Exploits 1 · References 6

The Hacker News
added 2023/07/25 3:51 a.m. · 63 views

Ivanti Releases Urgent Patch for EPMM Zero-Day Vulnerability Under Active Exploitation

Ivanti is warning users to update their Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core) to the latest version that fixes an actively exploited zero-day vulnerability. Dubbed CVE-2023-35078, the issue has been described as a remote unauthenticated API access...

6.4 AI score · 0.94438 EPSS
Exploits 14