145 matches found
[SECURITY] Fedora 41 Update: podman-5.2.4-1.fc41
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
CVE-2024-25632
CVE-2024-25632 affects eLabFTW. A regular user can become an administrator of a team where they are a member under a reasonable configuration, and in versions after v5.0.0 an initially unauthenticated user may gain administrative privileges over an arbitrary team. The vulnerability does not grant...
CVE-2024-25632 Unauthorised granting of administrator privileges over arbitrary teams under certain circumstances
eLabFTW is an open source electronic lab notebook for research labs. In the context of eLabFTW, an administrator is a user account with certain privileges to manage users and content in their assigned team/teams. A user may be an administrator in one team and a regular user in another. The...
PT-2024-24540 · Hsc Cybersecurity · Hc Mailinspector
Name of the Vulnerable Software and Affected Versions: HSC Cybersecurity HC Mailinspector versions 5.2.17-3 through 5.2.18 Description: The issue allows a regular user account to escalate their privileges and gain administrative access by changing the type parameter from 1 to 0. Recommendations:...
Apache Zeppelin Cross-Site Scripting Vulnerability (CNVD-2024-17939)
Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from a cross-site scripting vulnerability that stems from improper coding or escaping, which can be...
[SECURITY] Fedora 39 Update: podman-4.9.4-1.fc39
podman Pod Manager is a fully featured container engine that is a simple daemonless tool. podman provides a Docker-CLI comparable command line that eases the transition from other container engines and allows the management of pods, containers and images. Simply put: alias docker=3Dpodman. Most...
CVE-2024-0071 CVE
NVIDIA GPU Display Driver for Windows contains a vulnerability in the user mode layer, where an unprivileged regular user can cause an out-of-bounds write. A successful exploit of this vulnerability may lead to code execution, denial of service, escalation of privileges, information disclosure, a...
CVE-2024-26262
EBM Technologies Uniweb/SoliPACS WebServer's query functionality lacks proper restrictions of user input, allowing remote attackers authenticated as regular user to inject SQL commands for reading, modifying, and deleting database records, as well as executing system commands. Attackers may even...
CVE-2023-41776
There is a local privilege escalation vulnerability of ZTE's ZXCLOUD iRAI.Attackers with regular user privileges can create a fake process, and to escalate local privileges...
PT-2024-40239 · Teleport · Teleport
Name of the Vulnerable Software and Affected Versions: Teleport versions prior to 12.4.31 Teleport versions prior to 13.4.13 Teleport versions prior to 14.2.4 Description: An attacker with access to nodes within the cluster may be able to SFTP to the Proxy Service. The user's permissions on the...
CVE-2023-48393
Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...
PT-2023-30815 · Kaifa Technology · Webitr
Name of the Vulnerable Software and Affected Versions: Kaifa Technology WebITR affected versions not specified Description: The file uploading function in Kaifa Technology WebITR does not restrict the upload of files with dangerous types. A remote attacker with regular user privileges can exploit...
CVE-2023-41343 Ragic No-Code Database Builder - Stored XSS
Rogic No-Code Database Builder's file uploading function has insufficient filtering for special characters. A remote attacker with regular user privilege can inject JavaScript to perform XSS Stored Cross-Site Scripting attack...
CVE-2023-46815
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...
CVE-2023-46815
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...
CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...
CVE-2023-46815
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...
CVE-2023-46816
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...
Unrestricted file upload
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...
CVE-2023-46815
An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. An Unrestricted File Upload vulnerability has been identified in the Notes module. By using a crafted request, custom PHP code can be injected via the Notes module because of missing input validation. An attacker with...