CVE-2023-38501 copyparty vulnerable to reflected cross-site scripting via k304 parameter
copyparty is file server software. Prior to version 1.8.7, the application contains a reflected cross-site scripting vulnerability via the URL parameters ?k304=... and ?setck=.... The worst-case outcome of this is being able to move or delete existing files on the server, or upload new files, using the account of t...
GO-2023-1713 Path traversal in github.com/sjqzhang/go-fastdfs
An attacker can craft a remote request to upload a file to "/group1/upload" that uses path traversal to instead write the file contents to an attacker controlled path on the server...
GHSA-H4C9-RR5M-32FM RuoYi vulnerable to arbitrary file download
An arbitrary file download vulnerability in the background management module of RuoYi v4.7.6 and below allows attackers to download arbitrary files in the server...
WiFi Mouse 1.8.3.2 Remote Code Execution
Exploit Title: WiFi Mouse 1.8.3.2 - Remote Code Execution (RCE); Date: 13-10-2022; Author: Payal; Vendor Homepage: http://necta.us/; Software Link: http://wifimouse.necta.us/download; Version: 1.8.3.2; Tested on: Windows 10 Pro Build 21H2. Desktop Server software used by mobile app has PIN option which do...
PT-2023-13472 · Intel · Fcs Server
Name of the Vulnerable Software and Affected Versions: FCS Server software maintained by Intel versions prior to 1.1.79.3 Description: The issue is related to an uncaught exception in the FCS Server software, which may allow a privileged user to potentially enable denial of service via physical...
CVE-2023-25577 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
KLA20232 Multiple vulnerabilities in Microsoft Server Software
Remote code execution vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to execute arbitrary code. Original advisories: CVE-2023-21707, CVE-2023-21710, CVE-2023-21529, CVE-2023-21706. Exploitation: Public exploits exist for this vulnerability...
CVE-2023-0003 Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server...
Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server
A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. Work around: There are no known workarounds for this issue...
PT-2023-10341 · Unknown · Mosbth Cimage
Name of the Vulnerable Software and Affected Versions: mosbth cimage versions up to 0.7.18 Description: A vulnerability was found in mosbth cimage, affecting an unknown functionality of the file check_system.php. The manipulation of the argument $_SERVER['SERVER_SOFTWARE'] leads to cross site...
PT-2023-32991 · Packagist · Pocketmine/Pocketmine-Mp
Name of the Vulnerable Software and Affected Versions: No specific software name is mentioned, but based on the context, it appears to be related to a server software, possibly a game server, with affected versions not specified. Description: The issue arises from a workaround for an old client b...
Denial Of Service (DoS)
github.com/containerd/containerd is vulnerable to denial of service. The vulnerability exists in the CRI stream server of httpstream.go due to exhausted memory on the host, which allows an attacker to cause an application crash via issuing a faulty command...
KLA20042 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to spoof user interface, gain privileges. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange Server can be exploited remotely to spoof us...
KLA19264 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to gain privileges, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in Microsoft Exchange Server can be exploited...
CVE-2022-2552
The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site...
PT-2022-17348
Name of the Vulnerable Software and Affected Versions: Duplicator WordPress plugin versions prior to 1.4.7 Description: The issue concerns the lack of authentication or authorization for visitors, allowing them to view sensitive system information, including server software, PHP version, and the fu...
The vulnerability of the Advantech SQ Manager Server software lies in improper default access rights settings, which allow attackers to escalate their privileges.
The vulnerability of the Advantech SQ Manager Server software is related to incorrect default access permissions settings. Exploiting this vulnerability can allow attackers to increase their privileges by using a specially created file...
CVE-2022-36234
SimpleNetwork TCP Server commit 29bc615f0d9910eb2f59aa8dff1f54f0e3af4496 was discovered to contain a double free vulnerability which is exploited via crafted TCP packets...
Denial Of Service (DoS)
github.com/kubeedge/kubeedge is vulnerable to denial of service (DoS) attacks. An attacker is able to cause denial of service conditions via memory exhaustion by sending a specifically crafted HTTP request with a large body through the signEdgeCert function in server.go...