The Cacti Group, Inc. Security Vulnerabilities

CVE-2023-38304

An issue was discovered in Webmin 2.021. A Stored Cross-Site Scripting (XSS) vulnerability was discovered in the Users and Groups functionality, allowing an attacker to store a malicious payload in the Group Name field when creating a new...

ServiceNow - Cross-site Scripting

A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

JetBrains TeamCity < 2023.05.4 - Remote Code Execution

In JetBrains TeamCity before 2023.05.4 authentication bypass leading to RCE on TeamCity Server was...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum Security Gateway Firmware

**Check Point Security Gateway RCE Exploit Tool...

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the IP parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain sensitive...

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?module=global_vars/vars) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Value parameter after clicking...

SINEMA Remote Connect Server < V2.0 - Open Redirect

A vulnerability has been identified in SINEMA Remote Connect Server (All versions &lt; V2.0). Affected products contain an open redirect vulnerability. An attacker could trick a valid authenticated user to the device into clicking a malicious link there by leading to phishing...

WordPress GDPR & CCPA <1.9.27 - Cross-Site Scripting

WordPress GDPR & CCPA plugin before 1.9.27 contains a cross-site scripting vulnerability. The check_privacy_settings AJAX action, available to both unauthenticated and authenticated users, responds with JSON data without an "application/json" content-type, and JavaScript code may be executed on a.....

SonicWall GMS and Analytics Web Services - Shell Injection

The authentication mechanism in SonicWall GMS and Analytics Web Services had insufficient checks, allowing authentication bypass. This issue affects GMS: 9.3.2-SP1 and earlier versions; Analytics: 2.5.0.4-R7 and earlier...

WordPress Elementor 3.18.1 - File Upload/Remote Code Execution

The plugin is vulnerable to Remote Code Execution via file upload via the template import functionality, allowing authenticated attackers, with contributor-level access and above, to upload files and execute code on the...

Citrix Bleed - Leaking Session Tokens

Sensitive information disclosure in NetScaler ADC and NetScaler Gateway when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA...

Cuppa CMS v1.0 - Authenticated Local File Inclusion

The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authenticated user can read system files via crafted POST request using [function] parameter value as LFI...

CVE-2024-26772

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...

CVE-2024-26772

In the Linux kernel, the following vulnerability has been resolved: ext4: avoid allocating blocks from corrupted group in ext4_mb_find_by_goal() Places the logic for checking if the group's block bitmap is corrupt under the protection of the group lock to avoid allocating blocks from the group...

Critical: kernel

Issue Overview: 2024-05-23: CVE-2018-13405 was added to this advisory. A vulnerability was found in the fs/inode.c:inode_init_owner() function logic of the LInux kernel that allows local users to create files with an unintended group ownership and with group execution and SGID permission bits set,....

CVE-2024-29894 Cacti Cross-site Scripting vulnerability when using JavaScript based messaging API

Cacti provides an operational monitoring and fault management framework. Versions of Cacti prior to 1.2.27 contain a residual cross-site scripting vulnerability caused by an incomplete fix for CVE-2023-50250. raise_message_javascript from lib/functions.php now uses purify.js to fix CVE-2023-50250.....

CVE-2024-5862 User Enumeration in Mia Technology's Mia-Med Health Aplication

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before...

CVE-2024-5862 User Enumeration in Mia Technology's Mia-Med Health Aplication

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before...

CVE-2023-29529

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...

CVE-2024-5862

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before...

CVE-2024-5862

Improper Restriction of Excessive Authentication Attempts vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Interface Manipulation.This issue affects Mia-Med Health Aplication: before...

CVE-2022-0225

A flaw was found in Keycloak. This flaw allows a privileged attacker to use the malicious payload as the group name while creating a new group from the admin console, leading to a stored Cross-site scripting (XSS)...

CVE-2023-46730

Group-Office is an enterprise CRM and groupware tool. In affected versions there is full Server-Side Request Forgery (SSRF) vulnerability in the /api/upload.php endpoint. The /api/upload.php endpoint does not filter URLs which allows a malicious user to cause the server to make resource requests...

CVE-2024-2793

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to Stored Cross-Site Scripting via comments in all versions up to, and including, 3.30 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated.....

WordPress Plugin WP Statistics <= 13.1.5 - SQL Injection

The WP Statistics WordPress plugin is vulnerable to SQL Injection due to insufficient escaping and parameterization of the current_page_id parameter found in the ~/includes/class-wp-statistics-hits.php file which allows attackers without authentication to inject arbitrary SQL queries to obtain...

Nagios XI 5.7.5 - Cross-Site Scripting

Nagios XI 5.7.5 contains a cross-site scripting vulnerability in the file /usr/local/nagiosxi/html/admin/sshterm.php, due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal session cookies, or it can be chained with the....

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

Powertek Firmware <3.30.30 - Authorization Bypass

Powertek firmware (multiple brands) before 3.30.30 running Power Distribution Units are vulnerable to authorization bypass in the web interface. To exploit the vulnerability, an attacker must send an HTTP packet to the data retrieval interface (/cgi/get_param.cgi) with the tmpToken cookie set to...

GitLab - Account Takeover via Password Reset

An issue has been discovered in GitLab CE/EE affecting all versions from 16.1 prior to 16.1.6, 16.2 prior to 16.2.9, 16.3 prior to 16.3.7, 16.4 prior to 16.4.5, 16.5 prior to 16.5.6, 16.6 prior to 16.6.4, and 16.7 prior to 16.7.2 in which user account password reset emails could be delivered to an....

Rukovoditel <= 2.7.2 - Cross Site Scripting

A stored cross site scripting (XSS) vulnerability in the 'Global Lists" feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Name'...

Rukovoditel <= 3.2.1 - Cross Site Scripting

Rukovoditel v3.2.1 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Add Announcement function at /index.php?module=help_pages/pages&entities_id=24. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the....

VMware Aria Operations for Networks - Remote Code Execution

Aria Operations for Networks contains an authenticated deserialization vulnerability. A malicious actor with network access to VMware Aria Operations for Networks and valid 'member' role credentials may be able to perform a deserialization attack resulting in remote code...

Mlflow <2.2.1 - Local File Inclusion

Mlflow before 2.2.1 is susceptible to local file inclusion due to path traversal ..\filename in GitHub repository mlflow/mlflow. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected...

CentOS Web Panel 7 <0.9.8.1147 - Remote Code Execution

CentOS Web Panel 7 before 0.9.8.1147 is susceptible to remote code execution via entering shell characters in the /login/index.php component. This can allow an attacker to execute arbitrary system commands via crafted HTTP requests and potentially execute malware, obtain sensitive information,...

WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting

WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-site scripting vulnerability. It does not sanitize or escape user input appended to the DOM via a malicious...

Advisory ROSA-SA-2024-2436

software: cfengine 3.21.3 OS: ROSA-CHROME package_evr_string: cfengine-3.21.3-1 CVE-ID: CVE-2021-36756 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: There is no SSL certificate validation in CFEngine Enterprise. CVE-STATUS: Fixed CVE-REV: To close, execute command: sudo dnf update cfengine CVE-ID:...

Attachment name, in questions/answers, is searchable despite not having Permissions for Questions

h4. Summary The questions plugin allows administrators to restrict its usage to groups/users, similar to Confluence Permissions. Attachments uploaded to these questions/answers can be found by users that do not have Questions Permission. However, while the attachment can be searched and its title.....

Winter CMS Local File Inclusion - (LFI)

Winter is a free, open-source content management system. Users with access to backend forms that include a ColorPicker FormWidget can provide a value that would then be included without further processing in the compilation of custom stylesheets via LESS. This had the potential to lead to a Local.....

Rukovoditel <= 3.2.1 - Cross Site Scripting

A stored cross-site scripting (XSS) vulnerability in the Global Entities feature (/index.php?module=entities/entities) of Rukovoditel v3.2.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter after clicking "Add New...

WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload

WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated arbitrary file upload. The plugin does not ensure that imported files are in SGBP format and extension, allowing high-privilege users to upload arbitrary files, including PHP, possibly leading to remote code...

ZK Framework - Information Disclosure

ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute...

GitLab CE/EE - Remote Code Execution

GitLab CE/EE 14.0 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 is susceptible to remote code execution. An authenticated user authorized to import projects can import a maliciously crafted project, thus possibly being able to execute malware, obtain sensitive information,...

GitLab CE/EE - Hard-Coded Credentials

GitLab CE/EE contains a hard-coded credentials vulnerability. A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, SAML), allowing attackers to potentially take over accounts. This template attempts to passively identify vulnerable versions of GitLab...

Nagios XI <5.8.5 - Open Redirect

Nagios XI through 5.8.5 contains an open redirect vulnerability in the login function. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...

Apache Solr <=8.8.1 - Server-Side Request Forgery

Apache Solr versions 8.8.1 and prior contain a server-side request forgery vulnerability. The ReplicationHandler (normally registered at "/replication" under a Solr core) in Apache Solr has a "masterUrl" (also "leaderUrl" alias) parameter that is used to designate another ReplicationHandler on...

CVE-2024-3264

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation.This issue affects Mia-Med Health Aplication: before...

FlightPath - Local File Inclusion

FlightPath versions prior to 4.8.2 and 5.0-rc2 are vulnerable to local file...

CVE-2024-3264 Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Aplication

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation.This issue affects Mia-Med Health Aplication: before...

CVE-2024-3264 Broken or Risky Cryptographic Algorithm in Mia Technology's Mia-Med Health Aplication

Use of a Broken or Risky Cryptographic Algorithm vulnerability in Mia Technology Inc. Mia-Med Health Aplication allows Signature Spoofing by Improper Validation.This issue affects Mia-Med Health Aplication: before...

[SECURITY] Fedora 40 Update: keepassxc-2.7.8-2.fc40

KeePassXC is a community fork of KeePassX KeePassXC is an application for people with extremely high demands on secure personal data management. KeePassXC saves many different information e.g. user names, passwords, urls, attachemts and comments in one single database. For a better management...