π¨ CVE-2023-34096
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
π@cveNotify
Thruk is a multibackend monitoring webinterface which currently supports Naemon, Icinga, Shinken and Nagios as backends. In versions 3.06 and prior, the file `panorama.pm` is vulnerable to a Path Traversal vulnerability which allows an attacker to upload a file to any folder which has write permissions on the affected system. The parameter location is not filtered, validated or sanitized and it accepts any kind of characters. For a path traversal attack, the only characters required were the dot (`.`) and the slash (`/`). A fix is available in version 3.06.2.
π@cveNotify
GitHub
panorama: fix folder validation Β· sni/Thruk@cf03f67
make sure picture upload targets a folder below user content folder.
- CVE-2023-34096
- CVE-2023-34096
π¨ CVE-2023-35840
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
π@cveNotify
_joinPath in elFinderVolumeLocalFileSystem.class.php in elFinder before 2.1.62 allows path traversal in the PHP LocalVolumeDriver connector.
π@cveNotify
GitHub
[VD:LocalFileSystem] Security fixes, directory traversal vulnerability Β· Studio-42/elFinder@bb9aaa7
fixes
This issue was found by MichaΕ Majchrowicz & Livio Victoriano AFINE
Team. We give them a special thanks.
This issue was found by MichaΕ Majchrowicz & Livio Victoriano AFINE
Team. We give them a special thanks.
π¨ CVE-2023-35844
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
π@cveNotify
packages/backend/src/routers in Lightdash before 0.510.3 has insecure file endpoints, e.g., they allow .. directory traversal and do not ensure that an intended file extension (.csv or .png) is used.
π@cveNotify
GitHub
Comparing 0.510.2...0.510.3 Β· lightdash/lightdash
Open source BI for teams that move fast β‘οΈ. Contribute to lightdash/lightdash development by creating an account on GitHub.
π¨ CVE-2023-35849
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not properly check whether header sizes would result in accessing data outside of a packet.
π@cveNotify
GitHub
More checks for correct header sizes Β· virtualsquare/picotcp@4b9a167
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35848
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 lacks certain size calculations before attempting to set a value of an mss structure member.
π@cveNotify
GitHub
Various fixes on size calculation by danielinux Β· Pull Request #15 Β· virtualsquare/picotcp
TCP: Fixed MSS size calculation, set lower MSS bound
TCP: Check options size before parsing MSS field
ipfilter: Check transport layer size before dereferencing port numbers
IPv4: Check transport la...
TCP: Check options size before parsing MSS field
ipfilter: Check transport layer size before dereferencing port numbers
IPv4: Check transport la...
π¨ CVE-2023-35847
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not have an MSS lower bound (e.g., it could be zero).
π@cveNotify
GitHub
TCP: Fixed MSS size calculation. Set MSS lower bound. Β· virtualsquare/picotcp@eaf1660
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35846
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
π@cveNotify
VirtualSquare picoTCP (aka PicoTCP-NG) through 2.1 does not check the transport layer length in a frame before performing port filtering.
π@cveNotify
GitHub
[ipfilter] Check transport layer length in frame before filtering ports Β· virtualsquare/picotcp@d561990
Reported-by: "P. Amsuo, Purdue University"
π¨ CVE-2023-35857
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
π@cveNotify
In Siren Investigate before 13.2.2, session keys remain active even after logging out.
π@cveNotify
π¨ CVE-2023-35856
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
π@cveNotify
A buffer overflow in Nintendo Mario Kart Wii RMCP01, RMCE01, RMCJ01, and RMCK01 can be exploited by a game client to execute arbitrary code on a client's machine via a crafted packet.
π@cveNotify
GitHub
GitHub - MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution: Injects arbitrary code into a client's game.
Injects arbitrary code into a client's game. Contribute to MikeIsAStar/Mario-Kart-Wii-Remote-Code-Execution development by creating an account on GitHub.
π¨ CVE-2023-35855
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
π@cveNotify
A buffer overflow in Counter-Strike through 8684 allows a game server to execute arbitrary code on a remote client's machine by modifying the lservercfgfile console variable.
π@cveNotify
GitHub
GitHub - MikeIsAStar/Counter-Strike-Remote-Code-Execution: Injects arbitrary code into a client's game.
Injects arbitrary code into a client's game. Contribute to MikeIsAStar/Counter-Strike-Remote-Code-Execution development by creating an account on GitHub.
π¨ CVE-2023-35853
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
π@cveNotify
In Suricata before 6.0.13, an adversary who controls an external source of Lua rules may be able to execute Lua code. This is addressed in 6.0.13 by disabling Lua unless allow-rules is true in the security lua configuration section.
π@cveNotify
Stamus-Networks
Stamus Labs | Stamus Networks
Stamus Networks has a long history of developing and supporting open source technologies. Our founders are both members of the Open Information Security Foundation executive team and developers on the Suricata project. Stamus Labs currently manages four activeβ¦
π¨ CVE-2023-35852
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
π@cveNotify
In Suricata before 6.0.13 (when there is an adversary who controls an external source of rules), a dataset filename, that comes from a rule, may trigger absolute or relative directory traversal, and lead to write access to a local filesystem. This is addressed in 6.0.13 by requiring allow-absolute-filenames and allow-write (in the datasets rules configuration section) if an installation requires traversal/writing in this situation.
π@cveNotify
Stamus-Networks
Stamus Labs | Stamus Networks
Stamus Networks has a long history of developing and supporting open source technologies. Our founders are both members of the Open Information Security Foundation executive team and developers on the Suricata project. Stamus Labs currently manages four activeβ¦
π¨ CVE-2023-34657
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
π@cveNotify
A stored cross-site scripting (XSS) vulnerability in Eyoucms v1.6.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the web_recordnum parameter.
π@cveNotify
GitHub
EyouCMS v1.6.2 has stored xss Β· Issue #43 Β· weng-xianhu/eyoucms
There is a storage type cross site scripting vulnerability in the filing number of the Basic Information tab on the backend management page of EyouCMS v1.6.2
π¨ CVE-2023-35862
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
π@cveNotify
libcoap 4.3.1 contains a buffer over-read via the function coap_parse_oscore_conf_mem at coap_oscore.c.
π@cveNotify
GitHub
Tags Β· obgm/libcoap
A CoAP (RFC 7252) implementation in C. Contribute to obgm/libcoap development by creating an account on GitHub.
π¨ CVE-2023-34642
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
π@cveNotify
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function showDirectoryPicker() which can then be used to open an unprivileged command prompt.
π@cveNotify
Kioware
KioWare | Kiosk System Software
KioWare kiosk system software - kiosk browser software to secure the OS in lockdown kiosk mode. Free trial available.
π¨ CVE-2023-34641
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
π@cveNotify
KioWare for Windows through v8.33 was discovered to contain an incomplete blacklist filter for blocked dialog boxes on Windows 10. This issue can allow attackers to open a file dialog box via the function window.print() which can then be used to open an unprivileged command prompt.
π@cveNotify
Kioware
KioWare | Kiosk System Software
KioWare kiosk system software - kiosk browser software to secure the OS in lockdown kiosk mode. Free trial available.
π¨ CVE-2023-32538
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.
π@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32273 and CVE-2023-32201.
π@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
π¨ CVE-2023-32273
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.
π@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32201.
π@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
π¨ CVE-2023-32270
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
π@cveNotify
Access of memory location after end of buffer issue exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted V8 file may lead to information disclosure and/or arbitrary code execution.
π@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes
π¨ CVE-2023-32201
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
π@cveNotify
Stack-based buffer overflow vulnerability exists in TELLUS v4.0.15.0 and TELLUS Lite v4.0.15.0. Opening a specially crafted SIM2 file may lead to information disclosure and/or arbitrary code execution. This vulnerability is different from CVE-2023-32538 and CVE-2023-32273.
π@cveNotify
jvn.jp
JVNVU#98818508: Multiple vulnerabilities in Fuji Electric products
Japan Vulnerability Notes