67 matches found
CVE-2025-31342 Galaxy Software Services Vitals ESP Forum Module - Unrestricted Upload of File with Dangerous Type
An unrestricted upload of file with dangerous type vulnerability in the upload file function of Galaxy Software Services Corporation Vitals ESP Forum Module through 1.3 version allows remote authenticated users to execute arbitrary system commands via a malicious file...
PT-2025-42751
Name of the Vulnerable Software and Affected Versions Galaxy Software Services Corporation Vitals ESP Forum Module versions through 1.3 Description An unrestricted upload of file with dangerous type flaw exists in the upload file function. This allows remote authenticated users to execute arbitra...
Galaxy Software Services Vitals ESP 安全漏洞
Galaxy Software Services Vitals ESP is a knowledge management system for office use by Galaxy Software Services China. A security vulnerability exists in Galaxy Software Services Vitals ESP version 1.3 and prior versions, which stems from the upload file feature not restricting the type of...
EUVD-2023-41198
Malicious code in bioql PyPI...
WordPress plugin Sala 安全漏洞
WordPress Sala is a WordPress theme designed for startups, SaaS services, software technology and more. WordPress Sala suffers from a missing authorization vulnerability that can be exploited by an attacker to cause access to features that are not restricted by ACLs...
Earth Ammit Breached Drone Supply Chains via ERP in VENOM, TIDRONE Campaigns
A cyber espionage group known as Earth Ammit has been linked to two related but distinct campaigns from 2023 to 2024 targeting various entities in Taiwan and South Korea, including military, satellite, heavy industry, media, technology, software services, and healthcare sectors. Cybersecurity fir...
Galaxy Software Services iota C.ai Conversational Platform 代码注入漏洞
Galaxy Software Services iota C.ai Conversational Platform is an intelligent AI conversational platform from Galaxy Software Services China. A code injection vulnerability exists in Galaxy Software Services iota C.ai Conversational Platform versions 1.0.0 through 2.1.3, which stems from a code...
Zero-Day Alert: Three Critical Ivanti CSA Vulnerabilities Actively Exploited
Ivanti has warned that three new security vulnerabilities impacting its Cloud Service Appliance CSA have come under active exploitation in the wild. The zero-day flaws are being weaponized in conjunction with another flaw in CSA that the company patched last month, the Utah-based software service...
Privilege escalation
Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...
CVE-2023-41357 Galaxy Software Services Vitals ESP - Arbitrary File Upload
Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...
CVE-2023-41357 Galaxy Software Services Vitals ESP - Arbitrary File Upload
Galaxy Software Services Corporation Vitals ESP is an online knowledge base management portal, it has insufficient filtering and validation during file upload. An authenticated remote attacker with general user privilege can exploit this vulnerability to upload and execute scripts onto arbitrary...
PT-2023-27925 · Galaxy Software Services · Vitals Esp
Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Corporation Vitals ESP affected versions not specified Description: The issue is related to insufficient filtering and validation during file upload in an online knowledge base management portal. An authenticated remo...
CVE-2023-37291
The CVE-2023-37291 issue affects Galaxy Software Services Vitals ESP (versions 3.0.8–6.2.0) where a hard-coded encryption key enables an unauthenticated remote attacker to generate a valid token parameter and gain access to the system to operate processes and access data. This is confirmed across...
PT-2023-25889 · Galaxy Software Services · Galaxy Software Services Vitals Esp
Name of the Vulnerable Software and Affected Versions: Galaxy Software Services Vitals ESP versions 3.0.8 through 6.2.0 Description: The issue is related to the use of a hard-coded encryption key in Galaxy Software Services Vitals ESP. An unauthenticated remote attacker can generate a valid token...
SaaS in the Real World: How Global Food Chains Can Secure Their Digital Dish
The Quick Serve Restaurant QSR industry is built on consistency and shared resources. National chains like McDonald's and regional ones like Cracker Barrel grow faster by reusing the same business model, decor, and menu, with little change from one location to the next. QSR technology stacks mirr...
CVE-2022-46309 Galaxy Software Services Corporation. Vitals ESP - Arbitrary Path File Reading
Vitals ESP upload function has a path traversal vulnerability. A remote attacker with general user privilege can exploit this vulnerability to access arbitrary system files...
Galaxy Software Services Vitals ESP 路径遍历漏洞
Galaxy Software Services Vitals ESP is a Knowledge Management System KMS for office use from Galaxy Software Services, a company based in China. A security vulnerability exists in Galaxy Software Services Vitals ESP due to a path traversal vulnerability in the upload function. The vulnerability c...
Oracle PeopleSoft Enterprise PeopleTools Information Disclosure Vulnerability (CNVD-2023-12017)
Oracle Corporation Oracle is the world's largest provider of information management software and services, founded in 1977, headquartered in Redwood shore, California, USA, open to the world oracle certification. Oracle PeopleSoft Enterprise PeopleTools is the American Oracle Oracle company's...
Experts Uncover Malware Attacks Targeting Corporate Networks in Latin America
Cybersecurity researchers on Thursday took the wraps off a new, ongoing espionage campaign targeting corporate networks in Spanish-speaking countries, specifically Venezuela, to spy on its victims. Dubbed "Bandidos" by ESET owing to the use of an upgraded variant of Bandook malware, the primary...
Insider Logic Bombs
Add to the "not very smart criminals" file: According to court documents, Tinley provided software services for Siemens' Monroeville, PA offices for nearly ten years. Among the work he was asked to perform was the creation of spreadsheets that the company was using to manage equipment orders. The...