5 matches found
GHSA-W7QC-6GRJ-W7R8 File Browser vulnerable to command execution allowlist bypass
Summary The Command Execution feature of Filebrowser only allows the execution of shell command which have been predefined on a user-specific allowlist. The implementation of this allowlist is erroneous, allowing a user to execute additional commands not permitted. Impact A user can execute more...
CVE-2025-23403
A vulnerability has been identified in SIMATIC IPC DiagBase All versions, SIMATIC IPC DiagMonitor All versions. The affected device do not properly restrict the user permission for the registry key. This could allow an authenticated attacker to load vulnerable drivers into the system leading to...
SUSE-SU-2023:2205-1 Security update for postgresql14
This update for postgresql14 fixes the following issues: Updated to version 14.8: - CVE-2023-2454: Fixed an issue where a user having permission to create a schema could hijack the privileges of a security definer function or extension script bsc1211228. - CVE-2023-2455: Fixed an issue that could...
majordomo.1.94.4.txt
Hi, I found something to discuss, this time involving majordomo. This was tested on a Slackware linux 8.0 kernel 2.4.8; majordomo version 1.94.4, I also tested the other versions and all default installs had the same problem, note that the versions 1.94.1 an 1.94.2 should NOT be used anymore, tho...
E-zine (MDMA group) опубликовали список уязвимостей во многих программных продуктах
Proxy Plus - небезопасные установки по-умолчанию, NiteServer FTPd - возможна DoS-атака, ISpy Webcam - хранит пароль в открытом виде, XiRCON IRC client - переполнение буфера, Offline Explorer - чтение локальных файлов с сервера, Argosoft FTP Server - обратный путь в директориях и множественные...