7884 matches found
CVE-2023-36704
Windows Setup Files Cleanup Remote Code Execution Vulnerability...
Remote code execution
Windows Setup Files Cleanup Remote Code Execution Vulnerability...
CVE-2023-36704 Windows Setup Files Cleanup Remote Code Execution Vulnerability
...
CVE-2023-36704
Converging details from connected documents indicate CVE-2023-36704, named Windows Setup Files Cleanup, is a remote code execution vulnerability in the Windows Setup Files Cleanup component. The KLA61358 entry explicitly notes a remote code execution vulnerability for Windows Setup Files Cleanup ...
CVE-2023-36704 Windows Setup Files Cleanup Remote Code Execution Vulnerability
...
October 10, 2023—KB5031364 (OS Build 20348.2031)
October 10, 2023—KB5031364 OS Build 20348.2031 For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server 2022, see its update history page. Note Follow @WindowsUpdate to find out whe...
Windows Setup Files Cleanup Remote Code Execution Vulnerability
...
CVE-2023-45208
A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...
CVE-2023-45208
A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...
CVE-2023-45208
A command injection in the parsingxmlstasurvey function inside libcgifunc.so of the D-Link DAP-X1860 repeater 1.00 through 1.01b05-01 allows attackers within range of the repeater to run shell commands as root during the setup process of the repeater, via a crafted SSID. Also, network names...
PT-2023-6153 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The vulnerability is related to insufficient input validation in the Windows Setup Files Cleanup component. It allows remote attackers to execute arbitrary code on the system...
CVE-2023-45208
The CVE-2023-45208 issue affects D-Link DAP-X1860 repeaters (versions 1.00–1.01b05-01) where the parsing_xml_stasurvey function in libcgifunc.so is vulnerable to command injection. An attacker within wireless range can craft the SSID to execute shell commands as root during setup; network names c...
Code injection
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
CVE-2023-36820 micronaut security has invalid IdTokenClaimsValidator logic on aud
Micronaut Security is a security solution for applications. Prior to versions 3.1.2, 3.2.4, 3.3.2, 3.4.3, 3.5.3, 3.6.6, 3.7.4, 3.8.4, 3.9.6, 3.10.2, and 3.11.1, IdTokenClaimsValidator skips aud claim validation if token is issued by same identity issuer/provider. Any OIDC setup using Micronaut...
DakshSCRA - Source Code Review Assist
Daksh SCRA Source Code Review Assist tool is built to enhance the efficiency of the source code review process, providing a well-structured and organized approach for code reviewers. Rather than indiscriminately flagging everything as a potential issue, Daksh SCRA promotes thoughtful analysis,...
Exploit for CVE-2023-38646
Metabase Pre-Auth RCE CVE-2023-38646 POC This is a script w...
Login screen manager <= 3.5.2 - Admin+ Stored XSS
Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup. PoC Put the following payload in the...
PortlandLabs Concrete CMS SEO-Extra Feature Cross-Site Scripting Vulnerability
PortlandLabs Concrete CMS is a team-oriented open source content management system of the United States PortlandLabs company . A cross-site scripting vulnerability exists in the PortlandLabs Concrete CMS SEO-Extra feature, which can be exploited by an attacker to execute arbitrary code via a...