Yan&Co Security Vulnerabilities

cve

CVE-2023-39164

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19...

7.1 CVSS

6 AI Score

0.0005 EPSS

2023-09-04 10:15 AM
13
nvd

CVE-2023-39164

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19...

6.1 CVSS

6.3 AI Score

0.0005 EPSS

2023-09-04 10:15 AM
1
ics

Mitsubishi Electric FA Engineering Software

View CSAF 1. EXECUTIVE SUMMARY CVSS v3 9.3 ATTENTION: Low attack complexity Vendor: Mitsubishi Electric Equipment: FA Engineering Software Products Vulnerability: Incorrect Default Permissions 2. RISK EVALUATION Successful exploitation of this vulnerability could allow a local attacker to...

9.3 CVSS

7.8 AI Score

0.0004 EPSS

2023-09-26 12:00 PM
18
cve

CVE-2014-5329

GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation. 8001/tcp is served by a version of Apache HTTP server containing a flaw in handling HTTP requests (CVE-2011-3192), which may lead.....

7.5 CVSS

7.9 AI Score

0.963 EPSS

2023-09-08 03:15 AM
67
cnvd

Remote Code Execution Vulnerability in WPS Office of Zhuhai Kingsoft Office Software Co.

WPS Office is an office software suite from Zhuhai Kingsoft Office Software Co. A remote code execution vulnerability exists in WPS Office of Zhuhai Kingsoft Office Software Co. Ltd, which can be exploited by attackers to gain server...

8.1 AI Score

2023-08-11 12:00 AM
7
cnvd

Command Execution Vulnerability in Reporter Component of Shanghai Newshield Technology Co.

Ltd. is a professional security company with "network security" as the main axis and "make the network more secure" as the mission to provide customers with network security solutions. A command execution vulnerability exists in the Reporter component of Neudun Shanghai, which can be exploited by.....

7.3 AI Score

2023-06-09 12:00 AM
6
openbugbounty

co-cbstagebank.nl Cross Site Scripting vulnerability OBB-3403366

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.1 AI Score

2023-06-07 08:52 PM
6
cnvd

Information leakage vulnerability in Jaeger Reports of Beijing Guo Torch Information Technology Co.

Beijing Guo Torch Information Technology Co., Ltd. is an information technology company engaged in computer software research and development, application and service, providing all-round support for large and medium-sized application system engineering. An information leakage vulnerability exists....

6.5 AI Score

2023-03-23 12:00 AM
7
cnvd

Deserialization Vulnerability in U8 Cloud of UFIDA Network Technologies Co.

U8 Cloud is a digital platform for enterprises to go to the cloud, integrating transactions, services and management into a total ERP solution. A deserialization vulnerability exists in UFIDA U8 Cloud, which can be exploited by attackers to remotely execute...

7 AI Score

2023-03-30 12:00 AM
6
cnvd

XSS Vulnerability in YouSpace APP of UFIDA Network Technology Co.

YouSpace APP is an enterprise space management software. YouSpace APP of UFIDA Network Technology Co., Ltd. suffers from an XSS vulnerability, which can be exploited by attackers to obtain sensitive information such as user...

5.9 AI Score

2023-07-05 12:00 AM
8
mmpc

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a.....

6.6 AI Score

2023-09-19 04:00 PM
8
cnvd

Fastjson Deserialization Vulnerability in YouSpace APP of UFIDA Network Technology Co.

YouSpace APP is an enterprise space management software. YouSpace APP of UFIDA Network Technology Co. Ltd. suffers from a Fastjson deserialization vulnerability, which can be exploited by attackers to execute malicious...

7.2 AI Score

2023-07-05 12:00 AM
7
mssecure

Forrester names Microsoft a Leader in the 2023 Zero Trust Platform Providers Wave™ report

Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. At Microsoft, we understand modernizing security is a complex task in this era of ever-evolving cyberthreats and complex digital environments. Serious threats have necessitated a.....

6.6 AI Score

2023-09-19 04:00 PM
5
cnvd

Arbitrary File Read Vulnerability in M7160DW of Zhuhai Pento Printing Technology Co.

The M7160DW is a black-and-white laser MFP that supports printing, copying and scanning functions with USB, wired network, LAN and WIFI connectivity. The M7160DW of Zhuhai Pento Printing Technology Co., Ltd. suffers from an arbitrary file read vulnerability, which can be exploited by an attacker...

6.7 AI Score

2023-05-19 12:00 AM
11
cnvd

SQL Injection Vulnerability in Intelligent Park Comprehensive Management Platform of Zhejiang Dahua Technology Co.(CNVD-2023-67975)

Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A SQL injection vulnerability exists in the Smart Park Integrated Management Platform of Zhejiang Dahua Technology Co. Ltd, which can be exploited by...

7.6 AI Score

2023-08-11 12:00 AM
5
cnvd

Logic Flaw Vulnerability in Pantum M6700DW Series from Zhuhai Pentium Printing Technology Co.

Zhuhai Bento Printing Technology Co., Ltd. is a printer to master the core technology and independent intellectual property rights, research and development, design, production, sales of printers, consumables and printing output solutions as one of the enterprises. Zhuhai Pantum Printing...

6.6 AI Score

2022-05-13 12:00 AM
27
cnvd

Command Execution Vulnerabilities in Various Products of Beijing StarNet Ruijie Network Technology Company Limited (CNVD-2023-68249)

Beijing StarNet Ruijie Network Technology Co., Ltd. is an ICT infrastructure and industry solutions provider. A command execution vulnerability exists in various products of Beijing StarNet Ruijie Network Technology Co., Ltd. that can be exploited by attackers to gain server...

7.4 AI Score

2023-07-13 12:00 AM
6
cve

CVE-2023-38574

Open redirect vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to redirect users to arbitrary web sites and conduct phishing attacks via a specially crafted...

6.1 CVSS

6.2 AI Score

0.001 EPSS

2023-09-05 09:15 AM
26
cnvd

SQL Injection Vulnerability in Beijing Century Super Star Information Technology Development Co.

Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. Beijing Century Super Star Information Technology Development Limited Liability Company Super Star Huiya Electronic Library...

7.5 AI Score

2022-12-04 12:00 AM
64
cnvd

SQL Injection Vulnerability in Human Resource Information Management System of Beijing Hongjing Century Software Company Limited (CNVD-2023-68143)

Beijing Hongjing Century Software Co., Ltd. is a professional e-HR vendor in China. A SQL injection vulnerability exists in the human resources information management system of Beijing Hongjing Century Software Company Limited, which can be exploited by an attacker to obtain sensitive information.....

7.5 AI Score

2023-06-28 12:00 AM
7
cnvd

Logical flaws in the internship training management system of Beijing Century Super Star Information Technology Development Co.

Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. There is a logic flaw vulnerability in the internship training management system of Beijing Century Super Star Information...

6.7 AI Score

2022-10-31 12:00 AM
6
cnvd

Microsoft Exchange Server is the United States Microsoft (Microsoft) company's set of e-mail service program. It provides e-mail access, storage, forwarding, voice mail, e-mail filtering and screening. An information disclosure vulnerability exists in Microsoft Exchange Server, which can be exploited by attackers to obtain sensitive information.

Beijing Qixingchen Information Security Technology Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the 4A Unified Security Control Platform of Beijing Qixingchen Information Security...

7.4 AI Score

2023-06-06 12:00 AM
5
cnvd

Beijing Century Super Star Information Technology Development Co., Ltd. learning through the quality of engineering platform there are logical flaws vulnerabilities

Beijing Century Super Star Information Technology Development Co., Ltd. is an education informatization enterprise driven by technology, product and service innovation. A logic flaw vulnerability exists in the Beijing Century Super Star Information Technology Development Limited Liability...

6.5 AI Score

2022-07-14 12:00 AM
3
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 11, 2023 to September 17, 2023)

Last week, there were 55 vulnerabilities disclosed in 46 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 15 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

8.8 CVSS

8.7 AI Score

0.001 EPSS

2023-09-21 01:51 PM
20
cve

CVE-2023-40535

Stored cross-site scripting vulnerability in View setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...

5.4 CVSS

5 AI Score

0.0005 EPSS

2023-09-05 09:15 AM
19
cve

CVE-2023-40705

Stored cross-site scripting vulnerability in Map setting page of VI Web Client prior to 7.9.6 allows a remote authenticated attacker to inject an arbitrary...

5.4 CVSS

5 AI Score

0.0005 EPSS

2023-09-05 09:15 AM
22
cve

CVE-2023-39938

Reflected cross-site scripting vulnerability in VI Web Client prior to 7.9.6 allows a remote unauthenticated attacker to inject an arbitrary...

6.1 CVSS

6 AI Score

0.001 EPSS

2023-09-05 09:15 AM
28
nessus

Oracle Linux 8 : openssl (ELSA-2020-1840)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-1840 advisory. Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is...

5.3 CVSS

6.8 AI Score

0.015 EPSS

2023-09-07 12:00 AM
8
cve

CVE-2022-48453

In camera driver, there is a possible out of bounds write due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

4.8 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
15
cvelist

CVE-2023-39164 WordPress Molongui Plugin <= 4.6.19 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Molongui Author Box for Authors, Co-Authors, Multiple Authors and Guest Authors – Molongui plugin <= 4.6.19...

7.1 CVSS

6.4 AI Score

0.0005 EPSS

2023-09-04 09:30 AM
thn

Microsoft AI Researchers Accidentally Expose 38 Terabytes of Confidential Data

Microsoft on Monday said it took steps to correct a glaring security gaffe that led to the exposure of 38 terabytes of private data. The leak was discovered on the company's AI GitHub repository and is said to have been inadvertently made public when publishing a bucket of open-source training...

7.2 AI Score

2023-09-19 09:31 AM
41
cve

CVE-2023-33914

In NIA0 algorithm in Security Mode Command, there is a possible missing verification incorrect input. This could lead to remote information disclosure no additional execution privileges...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-09-04 02:15 AM
16
cvelist

CVE-2023-0839 Improper Error Handling in inSCADA

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in ProMIS Process Co. InSCADA allows Account Footprinting. This issue affects inSCADA: before...

9.8 CVSS

9.7 AI Score

0.002 EPSS

2023-03-06 07:07 AM
1
cve

CVE-2023-33915

In LTE protocol stack, there is a possible missing permission check. This could lead to remote information disclosure no additional execution privileges...

7.5 CVSS

7.2 AI Score

0.001 EPSS

2023-09-04 02:15 AM
12
cve

CVE-2022-47353

In vdsp device, there is a possible system crash due to improper input validation. This could lead to local denial of service with System execution privileges...

4.4 CVSS

4.7 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
10
prion

Command injection

SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to arbitrary system commands or disrupt...

9.8 CVSS

10 AI Score

0.001 EPSS

2023-08-28 04:15 AM
4
prion

Hardcoded credentials

SpotCam Co., Ltd. SpotCam FHD 2’s hidden Telnet function has a vulnerability of using hard-coded Telnet credentials. A remote unauthenticated attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt...

9.8 CVSS

9.5 AI Score

0.002 EPSS

2023-08-28 04:15 AM
5
prion

Hardcoded credentials

SpotCam Co., Ltd. SpotCam FHD 2 has a vulnerability of using hard-coded uBoot credentials. A remote attacker can exploit this vulnerability to access the system to perform arbitrary system operations or disrupt...

9.8 CVSS

9.4 AI Score

0.001 EPSS

2023-08-28 04:15 AM
2
prion

Command injection

SpotCam Co., Ltd. SpotCam Sense’s hidden Telnet function has a vulnerability of OS command injection. A remote unauthenticated attacker can exploit this vulnerability to execute command injection attack to perform arbitrary system commands or disrupt...

9.8 CVSS

10 AI Score

0.001 EPSS

2023-08-28 04:15 AM
2
cve

CVE-2022-47352

In camera driver, there is a possible out of bounds read due to a missing bounds check. This could lead to local denial of service with System execution privileges...

4.4 CVSS

4.6 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
10
github

Starlette has Path Traversal vulnerability in StaticFiles

Summary When using StaticFiles, if there's a file or directory that starts with the same name as the StaticFiles directory, that file or directory is also exposed via StaticFiles which is a path traversal vulnerability. Details The root cause of this issue is the usage of os.path.commonprefix():...

7.5 CVSS

6.6 AI Score

0.006 EPSS

2023-05-17 03:49 AM
23
cve

CVE-2023-38439

In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
12
cve

CVE-2023-38444

In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
14
cve

CVE-2023-38448

In vowifiservice, there is a possible missing permission check. This could lead to local denial of service with no additional execution...

5.5 CVSS

5.4 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
9
cve

CVE-2023-38451

In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
9
cve

CVE-2023-38460

In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
12
cve

CVE-2023-38441

In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
9
cve

CVE-2023-38440

In vowifiservice, there is a possible missing permission check. This could lead to local information disclosure with no additional execution...

5.5 CVSS

5.2 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
8
cve

CVE-2023-38450

In vowifiservice, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution...

7.8 CVSS

7.7 AI Score

0.0004 EPSS

2023-09-04 02:15 AM
12
Total number of security vulnerabilities: 10987