CVE-2023-34254 Remote inventory task command injection when using ssh command mode
The GLPI Agent is a generic management agent. Prior to version 1.5, if glpi-agent is running the remoteinventory task against a Unix platform with the ssh command, an administrator user on the remote host can manage to inject a command into a specific workflow the agent would run with the privileges it uses. I...
Updated kernel packages fix security vulnerabilities
This kernel update is based on upstream 5.15.117 and fixes at least the following security issues: In the Linux kernel through 6.2.7, fs/ntfs3/inode.c has an invalid kfree because it does not validate MFT flags before replaying logs (CVE-2022-48425). An out-of-bounds memory access flaw was found in...
Fedora 38 : kernel (2023-75b22000cd)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-75b22000cd advisory. The 6.3.7 stable kernel update contains a number of important fixes across the tree. Tenable has extracted the preceding description block directly...
WordPress Plugin Directorist Security Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Important: Red Hat Security Advisory: kernel security and bug fix update
An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
DEBIAN-CVE-2023-33970
Kanboard is open source project management software that focuses on the Kanban methodology. A vulnerability related to a missing access control was found, which allows a User with the lowest privileges to leak all the tasks and projects titles within the software, even if they are not invited or...
Improper access control
Kanboard is open source project management software that focuses on the Kanban methodology. Versions prior to 1.2.30 are subject to a missing access control vulnerability that allows a user with low privileges to create or transfer tasks to any project within the software, even if they have not...
CVE-2023-33969 Stored Cross-site scripting in the Task External Link Functionality in Kanboard
Kanboard is open source project management software that focuses on the Kanban methodology. A stored Cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary JavaScript, and any user who views the task containing the malicious code will be exposed to the XSS attack. Note: The default CSP...
PT-2023-24610 · Kanboard · Kanboard
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.30 Description: A missing access control issue was found in Kanboard, allowing a user with the lowest privileges to leak all task and project titles, even if they are not invited or it's a personal project. This...
Kanboard Information Disclosure Vulnerability
Kanboard is a suite of open source visual task board software. The software has the ability to customize the panels according to the business. An information disclosure vulnerability exists in Kanboard versions prior to 1.2.30, which stems from an insecure direct object reference IDOR vulnerabili...
Kanboard Security Vulnerability
Kanboard is a suite of open source visual task board software. The software has the ability to customize the panels to suit the business. A security vulnerability exists in Kanboard 1.2.29 and earlier versions, which stems from a lack of access control and allows a low-privileged user to disclose...
PT-2023-24608
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.30 Description: Kanboard is open source project management software that focuses on the Kanban methodology. The software is subject to a missing access control issue that allows a user with low privileges to creat...
PUB-A-213942596
In startLockTaskMode of LockTaskController.java, there is a possible bypass of lock task mode due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...
[SECURITY] Fedora 37 Update: bottles-51.6-1.fc37
Easily manage Wine prefix in a new way! Run Windows software and games on Linux. Features: Create bottles based on environments a set of rule and dependencies for better software compatibility Access to a customizable environment for all your experiments Run every executable .exe/.msi in your...
Memory corruption vulnerability in Mitsubishi PLC could lead to DoS, code execution
Cisco Talos recently discovered a memory corruption vulnerability in the Mitsubishi MELSEC iQ-F FX5U programmable logic controller that is caused by a buffer overflow condition. The iQ-F FX5U is one offering in Mitsubishi's MELSEC PLC line of hardware that comes with a built-in processor, power...
CVE-2023-33439
Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via /eval/admin/managetask.php?id=...
CISA and Partners Update the #StopRansomware Guide, Developed through the Joint Ransomware Task Force (JRTF)
Today, CISA, the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC) published an updated version of the #StopRansomware Guide, as ransomware actors have accelerated their tactics and techniques since its initia...