4570 matches found

Positive Technologies
added 2023/02/01 12:0 a.m. · 5 views

PT-2023-2975 · Faronics · Faronics Insight

Name of the Vulnerable Software and Affected Versions: Faronics Insight version 10.0.19045
Description: An issue in Faronics Insight allows an unauthenticated attacker to upload any type of file to any location on the Teacher Console's computer. This enables various exploitation paths, including...

CVSS 8.8 · AI score 8.3 · EPSS 0.01362
Exploits: 1 · References: 4
Vulnrichment
added 2023/01/27 6:12 p.m. · 6 views

CVE-2021-41231 OpenMage LTS DataFlow upload remote code execution vulnerability

OpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue...

CVSS 7.2 · AI score 7.5 · EPSS 0.01235
Exploits: 0 · References: 4
Vulnrichment
added 2023/01/25 6:15 a.m. · 6 views

CVE-2023-23609 contiki-ng BLE-L2CAP contains Improper size validation of L2CAP frames

Contiki-NG is an open-source, cross-platform operating system for Next-Generation IoT devices. Versions prior to and including 4.8 are vulnerable to an out-of-bounds write that can occur in the BLE-L2CAP module. The Bluetooth Low Energy - Logical Link Control and Adaptation Layer Protocol BLE-L2C...

CVSS 8.2 · AI score 8.4 · EPSS 0.00353
Exploits: 0 · References: 2
Positive Technologies
added 2023/01/25 12:0 a.m. · 2 views

PT-2023-12672 · Smartctl · Smartctl

Name of the Vulnerable Software and Affected Versions: smartctl versions all
Description: The issue is related to Command Injection via the info method due to improper input sanitization. This allows for potential exploitation. No information is provided about the estimated number of potentially...

CVSS 7.8 · AI score 7.6 · EPSS 0.01219
Exploits: 1 · References: 6
Vulnrichment
added 2023/01/24 2:30 a.m. · 6 views

CVE-2023-22486 cmark-gfm Quadratic complexity bug in handle_close_bracket may lead to a denial of service

cmark-gfm is GitHub's fork of cmark, a CommonMark parsing and rendering library and program in C. Versions prior to 0.29.0.gfm.7 contain a polynomial time complexity issue in handle_close_bracket that may lead to unbounded resource exhaustion and subsequent denial of service. This vulnerability has...

CVSS 3.5 · AI score 5.7 · EPSS 0.01108
Exploits: 1 · References: 1
Positive Technologies
added 2023/01/19 12:0 a.m. · 4 views

PT-2023-10625 · Bastianallgeier · Bastianallgeier Kirby Webmentions Plugin

Name of the Vulnerable Software and Affected Versions: bastianallgeier Kirby Webmentions Plugin affected versions not specified
Description: A vulnerability was found in the bastianallgeier Kirby Webmentions Plugin, allowing for injection attacks. The manipulation can be launched remotely, but th...

CVSS 9.8 · AI score 7.5 · EPSS 0.00792
Exploits: 0 · References: 6
Positive Technologies
added 2023/01/16 12:0 a.m. · 3 views

PT-2023-10817 · Bigtree · Events Extension

Name of the Vulnerable Software and Affected Versions: Events Extension on BigTree affected versions not specified
Description: A critical issue was found in the Events Extension, affecting the getRandomFeaturedEventByDate, getUpcomingFeaturedEventsInCategoriesWithSubcategories, recacheEvent, and...

CVSS 9.8 · AI score 6.1 · EPSS 0.00667
Exploits: 0 · References: 7
Positive Technologies
added 2023/01/16 12:0 a.m. · 2 views

PT-2023-16177 · Pimcore · Pimcore

Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.14
Description: The issue is related to Cross-site Scripting (XSS) - Stored, which can result in stolen user cookies. A proof of concept involves logging in with a dev account, navigating to specific...

CVSS 6.1 · AI score 5.4 · EPSS 0.00459
Exploits: 1 · References: 10
Positive Technologies
added 2023/01/12 12:0 a.m. · 4 views

PT-2023-9942 · Unknown · Php-Form-Builder-Class

Name of the Vulnerable Software and Affected Versions: manikandan170890 php-form-builder-class affected versions not specified
Description: A vulnerability has been found in the Textarea Handler component of the php-form-builder-class, specifically in the file PFBC/Element/Textarea.php. The...

CVSS 6.1 · AI score 4.3 · EPSS 0.00623
Exploits: 1 · References: 7
Positive Technologies
added 2023/01/11 12:0 a.m. · 5 views

PT-2023-10579 · Unknown · Insteon Hub

Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012
Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel of Insteon Hub. Specially crafted commands sent through the PubNub service can cause a...

CVSS 9.9 · AI score 8.9 · EPSS 0.00853
Exploits: 1 · References: 5
Positive Technologies
added 2023/01/11 12:0 a.m. · 2 views

PT-2023-9999 · Unknown · Zerochplus

Name of the Vulnerable Software and Affected Versions: zerochplus affected versions not specified
Description: A vulnerability has been found in zerochplus, affecting the PrintResList function of the file test/mordor/thread.res.pl. The manipulation leads to cross-site scripting and can be initiat...

CVSS 6.1 · AI score 4.8 · EPSS 0.00647
Exploits: 0 · References: 7
Tenable Nessus
added 2023/01/11 12:0 a.m. · 29 views

RHEL 7 : .NET 6.0 (RHSA-2023:0078)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0078 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. N...

CVSS 7.5 · AI score 8.1 · EPSS 0.0274
Exploits: 0 · References: 5
Positive Technologies
added 2023/01/08 12:0 a.m. · 3 views

PT-2023-10136 · Unknown · Emmflo Yuko-Bot

Name of the Vulnerable Software and Affected Versions: emmflo yuko-bot affected versions not specified
Description: A vulnerability was found in emmflo yuko-bot, declared as problematic. The manipulation of the title argument leads to denial of service. The attack can be initiated remotely...

CVSS 7.5 · AI score 7.1 · EPSS 0.00906
Exploits: 0 · References: 6
Positive Technologies
added 2023/01/07 12:0 a.m. · 4 views

PT-2023-10332 · Forumhulp · Forumhulp

Name of the Vulnerable Software and Affected Versions: ForumHulp affected versions not specified
Description: A critical issue was found in ForumHulp searchresults, affecting the list keywords function of the file event/listener.php. The manipulation of the word argument leads to SQL injection...

CVSS 9.8 · AI score 6.5 · EPSS 0.00697
Exploits: 0 · References: 9
Vulnrichment
added 2023/01/06 2:31 p.m. · 5 views

CVE-2023-22475 Cross-Site Scripting in Canarytoken history

Canarytokens is an open source tool which helps track activity and actions on your network. A Cross-Site Scripting vulnerability was identified in the history page of triggered Canarytokens prior to sha-fb61290. An attacker who discovers an HTTP-based Canarytoken (a URL) can use this to execute...

CVSS 6.3 · AI score 6.2 · EPSS 0.0052
Exploits: 0 · References: 3
Positive Technologies
added 2023/01/06 12:0 a.m. · 3 views

PT-2023-10118 · Unknown · Kassi Xingwall

Name of the Vulnerable Software and Affected Versions: kassi xingwall affected versions not specified
Description: A critical issue has been found in kassi xingwall, affecting some unknown processing of the file app/controllers/oauth.js. The manipulation leads to session fixation. Recommendation...

CVSS 6.3 · AI score 6.7 · EPSS 0.00603
Exploits: 0 · References: 6
Positive Technologies
added 2023/01/06 12:0 a.m. · 4 views

PT-2023-10195 · Unknown · Jeff-Kelley Opensim-Utils

Name of the Vulnerable Software and Affected Versions: jeff-kelley opensim-utils affected versions not specified
Description: A critical issue has been found in jeff-kelley opensim-utils, affecting the DatabaseForRegion function of the file regionscrits.php. The manipulation of the region argumen...

CVSS 9.8 · AI score 8.4 · EPSS 0.00657
Exploits: 0 · References: 5
Prion
added 2023/01/05 8:15 p.m. · 9 views

Cross site scripting

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

CVSS 5.8 · AI score 5.9 · EPSS 0.00569
Exploits: 0 · References: 2 · Affected Software: 1
Vulnrichment
added 2023/01/05 7:58 p.m. · 9 views

CVE-2023-22454 Discourse vulnerable to Cross-site Scripting through pending post titles descriptions

Discourse is an open source discussion platform. Prior to version 2.8.14 on the stable branch and version 3.0.0.beta16 on the beta and tests-passed branches, pending post titles can be used for cross-site scripting attacks. Pending posts can be created by unprivileged users when a category has...

CVSS 8 · AI score 7.6 · EPSS 0.00569
Exploits: 0 · References: 2
Vulnrichment
added 2023/01/05 6:10 p.m. · 8 views

CVE-2022-23546 Discourse vulnerable to private topic leak via email#send_digest

In version 2.9.0.beta14 of Discourse, an open-source discussion platform, maliciously embedded urls can leak an admin's digest of recent topics, possibly exposing private information. A patch is available for version 2.9.0.beta15. There are no known workarounds for this issue...

CVSS 5.5 · AI score 5.9 · EPSS 0.0028
Exploits: 0 · References: 2