Cesanta Mongoose Web Server security vulnerability
Cesanta Mongoose Web Server is an embedded server and network library developed in C language by the Irish company Cesanta. Version 6.9 of Cesanta Mongoose Web Server contains a security vulnerability. This vulnerability arises from the possibility that establishing multiple socket connections ma...
WordPress plugin Pin WP code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue...
PT-2023-5463 · Wind River · Vxworks
Name of the Vulnerable Software and Affected Versions: Wind River VxWorks versions 6.9 through 7 Description: An issue was discovered in the tarExtract function, which implements TAR file extraction and processes files within an archive that have relative or absolute file paths. This could lead t...
PT-2023-16392 · WordPress · Wp Visitor Statistics
Name of the Vulnerable Software and Affected Versions: WP Visitor Statistics Real Time Traffic versions prior to 6.9 Description: The issue allows unauthenticated visitors to conduct SQL Injection attacks due to the plugin not escaping user input which is concatenated to an SQL query...
ManageEngine AssetExplorer < 6.9 Build 6989 XXE
An XML external entity (XXE) vulnerability exists in ManageEngine AssetExplorer 6.9 Build 6980 through Build 6988. A threat actor with the SDAdmin role can configure a malicious server to return a response with a malformed XML using the Reports integration API, causing an XML External Entity (XXE)...
PT-2023-18834 · Zoho · Zoho Asset Explorer
Name of the Vulnerable Software and Affected Versions: Zoho Asset Explorer version 6.9 Description: A Cross Site Scripting (XSS) issue exists in Zoho Asset Explorer via the credential name when creating a new Assets Workstation. This allows for potential malicious script execution. Recommendations:...
Aruba Networks ClearPass security vulnerability
Aruba Networks ClearPass is an access management system from Aruba Networks, Inc. that integrates network control, application and device management capabilities. A security vulnerability exists in Aruba Networks ClearPass. An attacker could exploit the vulnerability to elevate user privileges to...
ManageEngine AssetExplorer 6.9 Build 6980 XXE
An XML external entity (XXE) vulnerability exists in ManageEngine AssetExplorer 6.9 Build 6980 due to a flaw in the Analytics Plus integration. Threat actors with admin role access can retrieve local files from the server running the affected products. Note that Nessus has not tested for this issue...
CVE-2022-23694
Vulnerabilities in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit these vulnerabilities to obtain and modify sensitive information...
CVE-2022-37878
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2022-37882
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
PT-2022-24124 · Aruba · Aruba Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.x through 6.10.6 Aruba ClearPass Policy Manager versions 6.9.x through 6.9.11 Description: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated...
Cross site scripting
Archer Platform 6.9 SP2 P2 before 6.11 P3 (6.11.0.3) contains a reflected XSS vulnerability. A remote unauthenticated malicious Archer user could potentially exploit this vulnerability by tricking a victim application user into supplying malicious JavaScript code to the vulnerable web application...
Command injection
A remote arbitrary command execution vulnerability was discovered in Aruba ClearPass Policy Manager versions: ClearPass Policy Manager 6.10.x prior to 6.10.2; ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1; ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. Aruba has released patches for...
WordPress Absolutely Glamorous Custom Admin plugin <= 6.8 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Jörgson (Patchstack Red Team) in WordPress Absolutely Glamorous Custom Admin plugin versions <= 6.8. Solution: Update the WordPress Absolutely Glamorous Custom Admin plugin to the latest available version (at least 6.9), addition...
EMC RSA Archer 6.6 < 6.6 P8 / 6.7 < 6.7 P8 / 6.8 < 6.8 P5 / 6.9 < 6.9 SP1 P1 Stored Cross-site Scripting
The version of EMC RSA Archer running on the remote web server is 6.6.x prior to 6.6.0.8 (6.6 P8), 6.7.x prior to 6.7.0.8 (6.7 P8), 6.8.x prior to 6.8.0.5 (6.8 P5) or 6.9.x prior to 6.9.1.1 (6.9 SP1 P1). It is, therefore, affected by a stored cross-site scripting vulnerability. A remote authenticated...
WordPress File Manager plugin <= 6.8 - Unauthenticated Arbitrary File Upload leading to RCE vulnerability
Unauthenticated Arbitrary File Upload leading to RCE vulnerability found by w4fz5uck5 in WordPress File Manager plugin versions <= 6.8. Solution: Update the WordPress File Manager plugin to the latest available version (at least 6.9)...
PT-2019-6017 · Schneider Electric · Modicon Quantum 140 Noe771X1
Name of the Vulnerable Software and Affected Versions: Modicon Quantum 140 NOE771x1 versions 6.9 and earlier Description: The issue is related to an Improper Check for Unusual or Exceptional Conditions, which could cause denial of service when the module receives an IP fragmented packet with a...
Code injection
Code42 Enterprise and Crashplan for Small Business Client version 6.7 before 6.7.5, 6.8 before 6.8.8, and 6.9 before 6.9.4 allows eval injection. A proxy auto-configuration file, crafted by a lesser privileged user, may be used to execute arbitrary code at a higher privilege as the service user...
JVN#12796388: Nessus vulnerable to cross-site scripting
Nessus contains a stored cross-site scripting (CWE-79) vulnerability in handling .nessus files. Impact: Arbitrary JavaScript may be executed on the user's web browser. Solution: Update the software. Update to the latest version according to the information provided by the developer. Products Affected:...