239 matches found
CVE-2023-48702 Jellyfin Possible Remote Code Execution via custom FFmpeg binary
Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the /System/MediaEncoder/Path endpoint executes an arbitrary file using ProcessStartInfo via the ValidateVersion function. A malicious administrator can setup a network share and supply a UNC path to...
CVE-2023-48702 Jellyfin Possible Remote Code Execution via custom FFmpeg binary
Jellyfin is a system for managing and streaming media. Prior to version 10.8.13, the /System/MediaEncoder/Path endpoint executes an arbitrary file using ProcessStartInfo via the ValidateVersion function. A malicious administrator can setup a network share and supply a UNC path to...
PTC Kepware KEPServerEX Input Validation Error Vulnerability
PTC Kepware KEPServerEX is an industrial automation data connectivity solution from PTC Corporation. PTC Kepware KEPServerEX 6.14.263.0 and earlier versions suffer from an input validation error vulnerability that stems from easy UNC path injection via a malicious project file.By tricking a user...
PTC Kepware KepServerEX (Update A)
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : PTC Equipment : Kepware KepServerEX Vulnerabilities : Uncontrolled Search Path Element, Improper Input Validation, Insufficiently Protected Credentials 2. RISK EVALUATION Successful exploitation of...
PT-2023-6970 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to insufficient protection of service data during NTLM authentication, specifically with the IsUNCPath method. This can allow a remote attacker to...
CVE-2023-40235
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...
Design/Logic Flaw
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...
CVE-2023-40235
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...
CVE-2023-40235
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...
CVE-2023-40235
An NTLM Hash Disclosure was discovered in ArchiMate Archi before 5.1.0. When parsing the XMLNS value of an ArchiMate project file, if the namespace does not match the expected ArchiMate URL, the parser will access the provided resource. If the provided resource is a UNC path pointing to a share...
Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability
On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability CVSS: 9.8 CRITICAL. The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and i...
Exploit for Improper Input Validation in Microsoft
A Simple PoC in PowerShell for CVE-2023-23397 CVE-2023-23397...
Directory traversal
Qaelum DOSE 18.08 through 21.1 before 21.2 allows Directory Traversal via the loadimages name parameter. It allows a user to specify an arbitrary location on the server's filesystem from which to load an image. Only images are displayed to the attacker. All other files are loaded but not displaye...
CVE-2022-38731
CVE-2022-38731 affects Qaelum DOSE versions 18.08–21.1 prior to 21.2. The issue is a directory traversal via the loadimages name parameter, allowing an attacker to specify an arbitrary filesystem path to load images (only images displayed; other files loaded but not shown) and to enumerate local ...
Exploit for CVE-2022-26809
Cve-2022-26809 CVE-2022-26809 This repo just simply resear...
pgadmin4 vulnerable to Code Injection
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
CVE-2022-4223
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pgdump and pgrestore. The utility is executed by the server to determine what PostgreSQL version it is from. Versions of pgAdmin prior to 6.17 failed to...
Design/Logic Flaw
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...
CVE-2022-38130
The com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip method is used to restore the HSQLDB database used in SMS. It takes the path of the zipped database file as the single parameter. An unauthenticated, remote attacker can specify an UNC path for the database file i.e., \\sms,...
CVE-2022-38130
CVE-2022-38130 affects Keysight SMS (com.keysight.tentacle.config.ResourceManager.smsRestoreDatabaseZip). An unauthenticated, remote attacker can supply an UNC path to a zipped HSQLDB database, causing the database content to be restored and potentially enabling remote code execution as described...