2292 matches found
Arbitrary file read via SQL injection
Impact: A user with access to SQL Manager (Advanced Options - Database) can read arbitrary files on the operating system by using the SQL function LOAD_FILE in a SELECT request, and can thereby access critical information. Patches: The patch will be on PS 8.0.4 and PS 1.7.8.9...
PT-2023-2990 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.107 Description: The issue is related to a directory traversal vulnerability in the /dialog/select media.php component of DedeCMS. This vulnerability is caused by incorrect restriction of the path name to a directory with...
CVE-2023-23938
Tuleap is a Free & Open Source tool for end-to-end traceability of application and system developments. Affected versions are subject to a cross-site scripting attack which can be injected in the name of a color of select box values of a tracker and then reflected in the tracker administration...
CVE-2023-2059
A vulnerability was found in DedeCMS 5.7.87. It has been rated as problematic. Affected by this issue is some unknown functionality of the file uploads/include/dialog/selecttemplets.php. The manipulation leads to path traversal: '..\filedir'. The attack may be launched remotely. The exploit has...
CVE-2023-27643
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library...
Design/Logic Flaw
An issue found in POWERAMP 925-bundle-play and Poweramp 954-uni allows a remote attacker to cause a denial of service via the Rescan button in Queue and Select Folders button in Library...
PT-2023-17471 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.87 Description: A problematic issue affects some unknown functionality of the file uploads/include/dialog/select templets.php. The manipulation leads to path traversal, specifically using '..filedir'. This issue can be...
POWERAMP Resource Management Error Vulnerability
POWERAMP is a music player for Android. A security vulnerability exists in POWERAMP that could allow an attacker to cause a denial of service via the Rescan button and Select Folders button...
CVE-2023-27643
POWERAMP versions 925-bundle-play through 954-uni are affected. A remote attacker can cause a denial-of-service by triggering the Rescan button in Queue or the Select Folders button in Library. The only remediation documented is a temporary workaround: disable the Rescan button in Queue and the S...
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend Cranelift has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one error in the calculation of the mask to the `pshufb` instruction which causes incorrect results to be returned if lanes are selected from the second vector. This codegen bug has been fixed in Wasmtime 6.0.1, 5.0.1, and 4.0.1. Users are recommended to upgrade to these updated versions. If upgrading is not an option for you at this time, you can avoid this miscompilation by disabling the Wasm simd proposal. Additionally, the bug is only present on x86_64 hosts. Other platforms such as AArch64 and s390x are not affected.
...
Multiple XSS on update functions with module select options and search form
Description: An XSS vulnerability occurs in forms that have select and search. Proof of Concept: POST /bumsys/xhr/?module=peoples&page=updateCustomer HTTP/1.1 Host: localhost User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:109.0 Gecko/20100101 Firefox/111.0 Accept: / Accept-Language:...
Malicious Package
Overview usaa-select is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
Malicious code in usaa-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a0a2b3751f6688b7b93ed4f71fc77b99863442191da95fcd67f8555fe4a8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2023-924 Malicious code in usaa-select (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware e1a0a2b3751f6688b7b93ed4f71fc77b99863442191da95fcd67f8555fe4a8e2 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
An off-by-one error was found in the SCSI device emulation in QEMU. It could occur while processing MODE SELECT commands in mode_sense_page() if the 'page' argument was set to MODE_PAGE_ALLS (0x3f). A malicious guest could use this flaw to potentially crash QEMU resulting in a denial of service condition.
...
GHSA-XM67-587Q-R2VW wasmtime vulnerable to miscompilation of `i8x16.select` with the same inputs on x86_64
Impact: Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indices are greater than 16. There is an off-by-one...
AZL-25857 CVE-2023-27477 affecting package rust for versions less than 1.68.2-2
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...
CVE-2023-27477
wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's code generation backend, Cranelift, has a bug on x86_64 platforms for the WebAssembly `i8x16.select` instruction which will produce the wrong results when the same operand is provided to the instruction and some of the selected indice...