PT-2024-15423 · Acme · Acme Ultra Mini Httpd
Name of the Vulnerable Software and Affected Versions: ACME Ultra Mini HTTPd version 1.21 Description: A vulnerability was found in the HTTP GET Request Handler component, which can lead to denial of service. The manipulation can be initiated remotely. The exploit has been disclosed to the public...
PT-2024-3586 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: Suite CRM version 7.14.2 Description: The issue is related to a Local File Inclusion (LFI) vulnerability, which allows an attacker to include local PHP files. This can enable a remote attacker to run or open files on the web server without havi...
AZL-44811 CVE-2023-6992 affecting package clucene 2.3.3.4-40
The Cloudflare version of the zlib library was found to be vulnerable to memory corruption issues affecting the deflation algorithm implementation deflate.c. The issues resulted from improper input validation and a heap-based buffer overflow. A local attacker could exploit the problem during compression...
PT-2024-1051 · Apktool +1 · Apktool +1
Name of the Vulnerable Software and Affected Versions: Apktool versions 2.9.1 and prior Description: The issue is related to incorrect restriction of the directory path name with limited access. An attacker can exploit this to write or overwrite arbitrary data. Apktool infers resource files' outp...
PT-2023-32924 · Unknown · Campcodes Online College Library System
Name of the Vulnerable Software and Affected Versions: Campcodes Online College Library System version 1.0 Description: A critical issue affects the processing of the file /admin/book row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to SQL injection. T...
PYSEC-2023-259
A vulnerability, which was classified as critical, has been found in MicroPython 1.21.0/1.22.0-preview. Affected by this issue is the function pollsetaddfd of the file extmod/modselect.c. The manipulation leads to use after free. The exploit has been disclosed to the public and may be used. The...
PT-2023-32917 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions up to 4.2.0 Description: A problematic vulnerability has been found in Novel-Plus, affecting an unknown part of the file /user/updateUserInfo of the component HTTP POST Request Handler. The manipulation of the nickName...
GHSA-CW2R-4P82-QV79 DoS with algorithms that use PBKDF2 due to unbounded PBES2 Count value
Impact: Denial of Service for applications that allow the use of the PBKDF2 algorithm. Patches: A patch is available that sets the maximum number of default rounds. Workarounds: Applications that do not need to use PBKDF2 should simply specify the algorithms used and exclude it from the list. Applicatio...
PT-2023-32907 · Gopeak · Gopeak Masterlab
Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the function sqlInjectDelete of the file app/ctrl/framework/Feature.php. The manipulation o...
PT-2023-28839
Name of the Vulnerable Software and Affected Versions: Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser version 6.65.022 dab24cc6 231221 gp Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivit...
PT-2023-31463 · Unknown · Foundation
Name of the Vulnerable Software and Affected Versions: Foundation platform version 1.0 Description: The issue allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation. The signed message lacks a nonce, which is a random number. This flaw may expos...
CVE-2023-50708 yii2-authclient vulnerable to possible timing attack on string comparison in OAuth1, OAuth2 and OpenID Connect implementation
yii2-authclient is an extension that adds OpenID, OAuth, OAuth2 and OpenID Connect consumers for the Yii framework 2.0. In yii2-authclient prior to version 2.2.15, the OAuth1/2 state and OpenID Connect nonce are vulnerable to a timing attack since they are compared via regular string comparison...
PT-2023-31286 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtDesc parameter of the "Employer/InsertJob.php" resource does not validate the characters received, and they are sent...
PT-2023-31494 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability...
WordPress Colibri Page Builder Plugin <= 1.0.246 is vulnerable to Cross Site Scripting (XSS)
Software: Colibri Page Builder · Type: Plugin · Vulnerable versions: <= 1.0.246 · Fixed in: 1.0.248 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-50833 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: 1d11825976b2 · Credits: LVT-tholv2k · Required privileg...
PT-2023-32814 · Jahastech · Nxfilter
Name of the Vulnerable Software and Affected Versions: Jahastech NxFilter version 4.3.2.5 Description: A problematic issue has been found in the Bind Request Handler component, affecting the processing of the file user,adap.jsp?actionFlag=test&id=1. This leads to ldap injection and can be initiat...
PT-2023-32813 · Jahastech · Nxfilter
Name of the Vulnerable Software and Affected Versions: Jahastech NxFilter version 4.3.2.5 Description: A problematic vulnerability was found in Jahastech NxFilter, affecting the file /config,admin.jsp. The manipulation of the admin name argument leads to cross-site request forgery. The attack can...
PT-2023-30804 · Softnext · Softnext Mail Sqr Expert
Name of the Vulnerable Software and Affected Versions: Softnext Mail SQR Expert affected versions not specified Description: The issue is related to a path traversal vulnerability within a specific URL parameter. This allows an unauthenticated remote attacker to bypass authentication and download...
DEBIAN-CVE-2023-37457
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIPHEADER dialplan function can exceed the available buffer space...
Design/Logic Flaw
Asterisk is an open source private branch exchange and telephony toolkit. In Asterisk versions 18.20.0 and prior, 20.5.0 and prior, and 21.0.0; as well as certified-asterisk 18.9-cert5 and prior, the 'update' functionality of the PJSIPHEADER dialplan function can exceed the available buffer space...