‼ CVE-2023-23592 ‼
WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.
via "National Vulnerability Database".
‼ CVE-2015-10076 ‼
A vulnerability was found in dimtion Shaarlier up to 1.2.2. It has been declared as critical. Affected by this vulnerability is the function createTag of the file app/src/main/java/com/dimtion/shaarlier/TagsSource.java of the component Tag Handler. The manipulation leads to SQL injection. Upgrading to version 1.2.3 addresses this issue. The name of the patch is 3d1d9b239d9b3cd87e8bed45a0f02da583ad371e. It is recommended to upgrade the affected component. The identifier VDB-220453 was assigned to this vulnerability.
via "National Vulnerability Database".
‼ CVE-2023-22832 ‼
The ExtractCCDAAttributes Processor in Apache NiFi 1.2.0 through 1.19.1 does not restrict XML External Entity references. Flow configurations that include the ExtractCCDAAttributes Processor are vulnerable to malicious XML documents that contain Document Type Declarations with XML External Entity references. The resolution disables Document Type Declarations and disallows XML External Entity resolution in the ExtractCCDAAttributes Processor.
via "National Vulnerability Database".
‼ CVE-2022-45699 ‼
Command injection in the administration interface in APSystems ECU-R version 5203 allows a remote unauthenticated attacker to execute arbitrary commands as root using the timezone parameter.
via "National Vulnerability Database".
‼ CVE-2022-43501 ‼
KASAGO TCP/IP stack provided by Zuken Elmic generates ISNs (Initial Sequence Numbers) for TCP connections from an insufficiently random source. An attacker may be able to determine the ISN of the current or future TCP connections and either hijack existing ones or spoof future ones.
via "National Vulnerability Database".
‼ CVE-2023-24684 ‼
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
via "National Vulnerability Database".
‼ CVE-2023-24573 ‼
Dell Command | Monitor versions prior to 10.9 contain an arbitrary folder delete vulnerability during uninstallation. A locally authenticated malicious user may potentially exploit this vulnerability leading to arbitrary folder deletion.
via "National Vulnerability Database".
‼ CVE-2022-34452 ‼
PowerPath Management Appliance with versions 3.3, 3.2*, 3.1 & 3.0* contains a sensitive information disclosure vulnerability. An authenticated admin user can exploit the issue and view sensitive information stored in the logs.
via "National Vulnerability Database".
‼ CVE-2022-21939 ‼
Sensitive Cookie Without 'HttpOnly' Flag vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
via "National Vulnerability Database".
‼ CVE-2018-7935 ‼
There is a vulnerability in the 21.328.01.00.00 version of the E5573Cs-322. Remote attackers could exploit this vulnerability to make the network where the E5573Cs-322 is running temporarily unavailable.
via "National Vulnerability Database".
‼ CVE-2022-34454 ‼
Dell PowerScale OneFS, versions 8.2.x-9.3.x, contain a heap-based buffer overflow. A local privileged malicious user could potentially exploit this vulnerability, leading to system takeover. This impacts compliance mode clusters.
via "National Vulnerability Database".
‼ CVE-2023-23625 ‼
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. Trying to read malformed HAMT sharded directories can cause panics and virtual memory leaks. If you are reading untrusted user input, an attacker can then trigger a panic. This is caused by a bogus `fanout` parameter in the HAMT directory nodes. Users are advised to upgrade to version 0.4.3 to resolve this issue. Users unable to upgrade should not feed untrusted user data to the decoding functions.
via "National Vulnerability Database".
‼ CVE-2022-21940 ‼
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute vulnerability in Johnson Controls System Configuration Tool (SCT) version 14 prior to 14.2.3 and version 15 prior to 15.0.3 could allow access to the cookie.
via "National Vulnerability Database".
‼ CVE-2022-3568 ‼
The ImageMagick Engine plugin for WordPress is vulnerable to deserialization of untrusted input via the 'cli_path' parameter in versions up to, and including, 1.7.5. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
via "National Vulnerability Database".
‼ CVE-2023-23626 ‼
go-bitfield is a simple bitfield package for the go language aiming to be more performant than the standard library. When feeding untrusted user input into the size parameter of `NewBitfield` and `FromBytes` functions, an attacker can trigger `panic`s. This happens when the `size` is not a multiple of `8` or is negative. There was already a note in the `NewBitfield` documentation; however, known users of this package are subject to this issue. Users are advised to upgrade. Users unable to upgrade should ensure that `size` is a multiple of 8 before calling `NewBitfield` or `FromBytes`.
via "National Vulnerability Database".
‼ CVE-2023-24569 ‼
Dell Alienware Command Center versions 5.5.37.0 and prior contain an Improper Input validation vulnerability. A local authenticated malicious user could potentially send malicious input to a named pipe in order to elevate privileges on the system.
via "National Vulnerability Database".
Deserialized web security roundup: KeePass dismisses "vulnerability" report, OpenSSL gets patched, and Reddit admits phishing hack
Your fortnightly rundown of AppSec vulnerabilities, new hacking techniques, and other cybersecurity news
via "The Daily Swig".
‼ CVE-2023-24349 ‼
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetRoute.
via "National Vulnerability Database".
‼ CVE-2023-24230 ‼
A stored cross-site scripting (XSS) vulnerability in the component /formwork/panel/dashboard of Formwork v1.12.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Page title parameter.
via "National Vulnerability Database".
‼ CVE-2023-24352 ‼
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the webpage parameter at /goform/formWPS.
via "National Vulnerability Database".
‼ CVE-2023-24348 ‼
D-Link N300 WI-FI Router DIR-605L v2.13B01 was discovered to contain a stack overflow via the curTime parameter at /goform/formSetACLFilter.
via "National Vulnerability Database".