1697 matches found

Positive Technologies
added 2023/04/19 12:0 a.m. · 2 views

PT-2023-3152 · Cisco · Cisco Telepresence Ce +1

Name of the Vulnerable Software and Affected Versions: Cisco TelePresence CE and RoomOS versions affected versions not specified Description: The issue is related to improper access controls on files in the local file system, allowing an authenticated, local attacker to overwrite arbitrary files...

4.4 CVSS · 6 AI score · 0.00192 EPSS
Exploits 0 · References 6

Positive Technologies
added 2023/04/13 12:0 a.m. · 7 views

PT-2023-18790 · Tigergraph · Tigergraph Enterprise Free Edition

Name of the Vulnerable Software and Affected Versions: TigerGraph Enterprise Free Edition versions 3.x Description: The issue allows for unsecured read access to an SSH private key. Any code running as the tigergraph user can read the SSH private key, granting an attacker password-less SSH access...

4.9 CVSS · 5 AI score · 0.0044 EPSS
Exploits 1 · References 3

Packet Storm
added 2023/04/12 12:0 a.m. · 281 views

Sielco Analog FM Transmitter 2.12 Cross Site Request Forgery

CSRF Add Admin: ---------------...

6.8 AI score
Exploits 0

GithubExploit
added 2023/03/30 1:56 p.m. · 3 views

Exploit for Cross-site Scripting in Zcbs Zijper_Publication_Management_System

CVE-2023-26692 ZCBS/ZCBS/ZPBS/ZBBS Reflected XSS Explo...

6.1 CVSS · 7 AI score · 0.0269 EPSS
Exploits 5

IBM Security Bulletins
added 2023/03/29 1:48 a.m. · 34 views

Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family (CVE-2012-6354)

Problem Security bulletin: Authentication bypass vulnerability in IBM SAN Volume Controller and Storwize Family CVE-2012-6354 Resolving The Problem Security Bulletin --- Summary --- Administrative access to the system via the GUI may be obtained without supplying proper credentials. Vulnerability...

7.5 CVSS · 6.4 AI score · 0.02044 EPSS
Exploits 0

Vulnrichment
added 2023/03/28 12:0 a.m. · 9 views

CVE-2022-1230

This vulnerability allows local attackers to execute arbitrary code on affected installations of Samsung Galaxy S21 prior to 4.5.40.5 phones. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw...

3.9 CVSS · 4.3 AI score · 0.00356 EPSS
Exploits 0 · References 2

Circl
added 2023/03/27 12:0 a.m. · 23 views

CVE-2022-39291

creationtimestamp | type | source
---|---|---
2023-03-27 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51071...

5.4 CVSS · 6.8 AI score · 0.05052 EPSS
Exploits 4 · References 1

CNVD
added 2023/03/26 12:0 a.m. · 9 views

Linux kernel resource management error vulnerability (CNVD-2023-34470)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a security issue in the traffic control index filter tcindex, where a call to tcfextsexec while using a...

7.8 CVSS · 6.7 AI score · 0.00305 EPSS
Exploits 0 · References 1

CNVD
added 2023/03/10 12:0 a.m. · 5 views

Answer Cross-Site Scripting Vulnerability (CNVD-2023-31162)

Answer is an open source knowledge-based community software. You can quickly use it to build Q&A communities for your products, customers, teams and more. Answer has a cross-site scripting vulnerability in versions prior to 1.0.6. The vulnerability stems from the fact that when answering added ne...

8 CVSS · 5.8 AI score · 0.0062 EPSS
Exploits 1 · References 1

Circl
added 2023/02/21 12:16 p.m. · 13 views

CVE-2023-0938

creationtimestamp | type | source
---|---|---
2023-02-21 12:16:42+00:00 | seen | https://t.me/cibsecurity/58570
2023-04-06 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51288...

9.8 CVSS · 6.9 AI score · 0.01785 EPSS
Exploits 5 · References 2

CNVD
added 2023/02/20 12:0 a.m. · 19 views

Fortinet FortiWeb Cross-Site Scripting Vulnerability (CNVD-2023-18299)

Fortinet FortiWeb is a Web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures Web applications and protects sensitive database content. A cross-site scripting vulnerability exists...

6.1 CVSS · 6.1 AI score · 0.00668 EPSS
Exploits 0 · References 1

GithubExploit
added 2023/02/16 4:27 a.m. · 732 views

Exploit for CVE-2023-31711

CVE-2023-31711 Incorrect Access Control in ZKTECO allows...

7.9 AI score
Exploits 0

GithubExploit
added 2023/02/10 12:50 a.m. · 457 views

Exploit for CVE-2022-25765

Exploit for CVE-2022-25765 pdfkit - Command Injection !Git...

9.8 CVSS · 9.5 AI score · 0.38924 EPSS
Exploits 11

CNVD
added 2023/02/08 12:0 a.m. · 14 views

Linux kernel input validation error vulnerability (CNVD-2023-58992)

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. An input validation error vulnerability exists in Linux kernel. An attacker could exploit this vulnerability to cause a memory leak and system crash...

5.5 CVSS · 6.4 AI score · 0.00189 EPSS
Exploits 0 · References 1

BDU FSTEC
added 2023/01/30 12:0 a.m. · 7 views

Vulnerability of the Server component: The Optimizer component of the MySQL Server database management system, which allows a hacker to cause a service failure.

The vulnerability of the MySQL Server component of the database management system involves insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause service interruptions...

6.8 CVSS · 6.3 AI score · 0.00853 EPSS
Exploits 0 · References 5 · Affected Software 2

Circl
added 2023/01/27 2:34 p.m. · 14 views

CVE-2023-0527

creationtimestamp | type | source
---|---|---
2023-01-27 14:34:22+00:00 | seen | https://t.me/cibsecurity/57026
2023-05-31 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/51494...

6.1 CVSS · 4.7 AI score · 0.06169 EPSS
Exploits 4 · References 2

Vulnrichment
added 2023/01/26 3:35 a.m. · 8 views

CVE-2023-22736 argo-cd Controller reconciles apps outside configured namespaces when sharding is enabled

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions starting with 2.5.0-rc1 and above, prior to 2.5.8, and version 2.6.0-rc4, are vulnerable to an authorization bypass bug which allows a malicious Argo CD user to deploy Applications outside the configured allowed...

8.5 CVSS · 8.5 AI score · 0.0078 EPSS
Exploits 0 · References 1

Code423n4
added 2023/01/21 12:0 a.m. · 8 views

Unchecked Loops and Use of selfbalance() Function Vulnerability in Smart Contract.

Lines of code Vulnerability details Impact Use of unchecked in-for loops. unchecked bytes32 orderHash; // Iterate over each order. for uint256 i = 32; i terminalMemoryOffset; i += 32 assembly orderHash := mloadaddorderHashes, i // Do not emit an event if no order hash is present. if orderHash ==...

7.2 AI score
Exploits 0

Vulnrichment
added 2023/01/13 12:0 a.m. · 7 views

CVE-2022-45299

An issue in the IpFile argument of rust-lang webbrowser-rs v0.8.2 allows attackers to access arbitrary files via supplying a crafted URL...

9.3 AI score · 0.01349 EPSS
Exploits 1 · References 1

Gitee
added 2023/01/12 9:59 a.m. · 6 views

Exploit for Out-of-bounds Write in Linux Linux_Kernel

This is a PoC exploit for CVE-2022-0995, a heap out-of-bounds write in the watchqueue Linux kernel component. The exploit targets Ubuntu 21.10 with kernel 5.13.0-37. It uses the same technique described in a Google Security Research writeup for CVE-2021-22555. The exploit is not 100% reliable and...

8.3 CVSS · 7.4 AI score · 0.78684 EPSS
Exploits 27