Unrestricted file upload

Unrestricted file upload in /main/inc/ajax/document.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

Unrestricted file upload

Unrestricted file upload in /main/inc/ajax/work.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

Cross site scripting

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS = v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell...

Code injection

Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

Unrestricted file upload

Unrestricted file upload in /main/inc/ajax/dropbox.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

Unrestricted file upload

Unrestricted file upload in /main/inc/ajax/exercise.ajax.php in Chamilo LMS = v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files...

Design/Logic Flaw

Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and live injection, aka BLUFFS...

Path traversal

Path traversal in file upload functionality in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file write...

Design/Logic Flaw

Improper sanitisation in main/inc/lib/fileUpload.lib.php in Chamilo LMS = v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of .htaccess file. This vulnerability may be exploited ...

Command injection

Command injection in /main/webservices/additionalwebservices.php in Chamilo LMS = v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960...

Input validation

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the sumeta shortcode due to missing validation on the user controlled keys 'key' and 'postid'. This makes it possible for...

Design/Logic Flaw

The Admin Classic Bundle provides a Backend UI for Pimcore. AdminBundle\Security\PimcoreUserTwoFactorCondition introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system without having to provide the two factor...

Cross site scripting

The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's sumeta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitization and output escaping on user supplied...

Design/Logic Flaw

OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1...

Security feature bypass

OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.4 and 5.1.1...

Security feature bypass

OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and...

Design/Logic Flaw

Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Service of the autoscaler from an unbound...

Input validation

The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpressprocessupload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers with administrator-level capabilities or above...

Privilege escalation

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

Privilege escalation

An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system files on an affected device...

Buffer overflow

A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and VPN series firmware versions 4.30...

Buffer overflow

A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50W series firmware version 5.37, and USG20W-VPN series firmware version 5.37, could allow an authenticated local attacker with administrator privileges to cause...

Design/Logic Flaw

An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module...

Cross site scripting

A cross-site scripting XSS vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50W series firmware versions 5.10 through 5.37, USG20W-VPN series firmware versions 5.10 through 5.37, and VPN...

Input validation

An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and...

Privilege escalation

An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37, and VPN seri...

Integer overflow

An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series...

Code injection

A vulnerability has been identified in the Node.js .msi version installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" process, running under the NT AUTHORITY\SYSTEM...

Privilege escalation

An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50W series firmware versions 4.16 through 5.37, USG20W-VPN series firmware versions 4.16 through 5.37,...

Open redirect

Rejected reason: This CVE ID was unused by the CNA...

Cross site scripting

A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting XSS attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an attacker to inject malicious java script...

Open redirect

Rejected reason: This CVE ID was unused by the CNA...

Design/Logic Flaw

In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering...

Design/Logic Flaw

An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function...

Sql injection

In the module "Product Catalog CSV, Excel Export/Update" updateproducts 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method productsUpdateModel::getExportIds has sensitive SQL calls that can be executed with a trivial http call and exploited to forge a SQL...

Cross site scripting

Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransformJSON Processor, visits a crafted URL, the...

Heap overflow

A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the nexttoken function at awk.c:1159...

Design/Logic Flaw

A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function...

Sql injection

SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function...

Design/Logic Flaw

A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function...

Default credentials

In the module "CSV Feeds PRO" csvfeeds 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can access exports from the module which can lead t...

Security feature bypass

OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patched in version 5.1.1...

Code injection

The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users...

Design/Logic Flaw

A use-after-free vulnerability was discovered in xasprintf function in xfuncsprintf.c:344 in BusyBox v.1.36.1...

Sql injection

SQL Injection vulnerability in32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component...

Code injection

An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption...

Stack overflow

Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function formfastsettingwifiset...

Path traversal

OroPlatform is a PHP Business Application Platform BAP designed to make development of custom business applications easier and faster. Path Traversal is possible in Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName. With this method, an attacker can pass the path to a non-existent file...

Design/Logic Flaw

In Math/BinaryField.php in phpseclib 3 before 3.0.34, excessively large degrees can lead to a denial of service...

Stack overflow

Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName...