6 matches found
CVE-2025-34274 Nagios Log Server < 2024R2.0.3 Logstash Process Root Privileges
Nagios Log Server versions prior to 2024R2.0.3 contain an execution with unnecessary privileges vulnerability as it runs its embedded Logstash process as the root user. If an attacker is able to compromise the Logstash process - for example by exploiting an insecure plugin, pipeline configuration...
EUVD-2023-1690
Malicious code in bioql PyPI...
CVE-2024-34449
Vditor 3.10.3 allows XSS via an attribute of an A element. NOTE: the vendor indicates that a user is supposed to mitigate this via sanitize=true...
mintlistMint: Address that is in both merkle trees not correctly handled
Lines of code Vulnerability details Impact It is possible to set two merkle roots for the mintlist mintlistMerkleRoot1 and mintlistMerkleRoot2 and both trees are used in queries: require MerkleProof.verifymerkleProof, mintlistMerkleRoot1, leaf || MerkleProof.verifymerkleProof, mintlistMerkleRoot2...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
Exploit for windows platform in category local exploits Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL Type: Backup Software Version:...
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation
ArcServe UDP 6.0.3792 Update 2 Build 516 - Unquoted Service Path Privilege Escalation Title: ArcServe UDP - Unquoted Service Path Privilege Escalation CWE Class: CWE-427: Uncontrolled Search Path Element Date: 04/09/2016 Vendor: ArcServe Product: ArcServe UDP Standard Edition for Windows, TRIAL...