321 matches found
Remote Code Execution (RCE)
dolibarr/dolibarr is vulnerable to Remote Code Execution. This vulnerability exists in the dolKeepOnlyPhpCode function in website.lib.php due to improper user inputs validation, allowing an attacker to inject and execute arbitrary PHP code in the system...
USN-6463-1: Open VM Tools vulnerabilities
It was discovered that Open VM Tools incorrectly handled SAML tokens. A remote attacker Guest Operations privileges could possibly use this issue to escalate privileges. CVE-2023-34058 Matthias Gerstner discovered that Open VM Tools incorrectly handled file descriptors when dropping privileges. A...
CVE-2023-34059
A flaw was found in open-vm-tools. This flaw allows a malicious actor with non-root privileges to hijack the /dev/uinput file descriptor, allowing them to simulate user inputs...
Privilege Escalation
open-vm-tools is vulnerable to Privilege Escalation. The vulnerability is a file descriptor hijack within the vmware-user-suid-wrapper allowing a malicious attacker to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
CVE-2023-34059
open-vm-tools contains a file descriptor hijack vulnerability in the vmware-user-suid-wrapper. A malicious actor with non-root privileges may be able to hijack the /dev/uinput file descriptor allowing them to simulate user inputs...
Denial Of Service (DoS)
libpoppler.so is vulnerable to Denial of Service DoS. The vulnerability exists in the readXRefTable function in XRef.cc because it does not properly validate the user-inputs, which allows an attacker to cause an application crash...
CVE-2023-4495 Easy Chat Server XSS vulnerability
Easy Chat Server, in its 3.1 version and before, does not sufficiently encrypt user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability stored via /registresult.htm POST method, in the Resume parameter. The XSS is loaded from /register.ghp...
Code Injection
edge is vulnerable to Code Injection. The vulnerability exists because the library does not properly validate user inputs script allowing an attacker to inject and execute malicious code...
Use After Free
Dpic is vulnerable to Use After Free. This vulnerability exists in the 'thedeletestringbox' function of 'dpic.y' due to the lack of validation of user inputs, which allows an attacker to exploit it through the use of maliciously crafted input...
Cross-site Scripting (XSS)
silverstripe/admin is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the tinymce.js due to lack of sanitization of user inputs during editing which allows an attacker to inject and execute arbitrary JavaScript into a victims browser...
Cross-site Scripting (XSS)
cockpit-hq/cockpit is vulnerable to Cross-site Scripting XSS. The vulnerability exists in the index.php due to lack of sanitization of user inputs during installation which allows an attacker to inject and execute arbitrary javascript into a victims browser...
Cross-Site Scripting (XSS)
gitlab is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape user inputs before it output to the front end when creating new abuse reports, allowing an attacker to inject and execute malicious javascript on victim's browser...
Cross site scripting
Sage X3 version 12.14.0.50-0 is vulnerable to Cross Site Scripting XSS. Some parts of the Web application are dynamically built using user's inputs. Yet, those inputs are not verified nor filtered by the application, so they mathed the expected format. Therefore, when HTML/JavaScript code is...
Cross-Site Scripting (XSS)
craftcms/cms is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly sanitize user inputs before it outputs to the front end, allowing an attacker to inject and execute malicious javascript through the reviewSession function in AssetIndexer.ts...
Remote Code Execution (RCE)
umbracocms is vulnerable to Remote Code Execution RCE. Lack of proper checking of supplied user inputs via msxsl:script in an xsltSelection to developer/Xslt/xsltVisualize.aspx allows an attacker to upload and execute malicious code on the system...