Centreon version 23.10-1.el8 suffers from a remote authenticated SQL injection vulnerability.
ccd137a9553629c65cb1fcc131008c98cf86b7038c922afa5586765db2092434Backdoor.Win32.Dumador.c malware suffers from a buffer overflow vulnerability.
32edf47bda897a0471a7ffbf6db742832e71820e9d55f2a6b95b5e7a897a6cc8The password of database connections in AWS Glue is loaded into the website when a connection's edit page is requested. Principals with appropriate permissions can read the password. This behavior also increases the risk that database passwords will be intercepted by an attacker during transmission in the server response. Many types of vulnerabilities, such as broken access controls, cross site scripting and weaknesses in session handling, could enable an attacker to leverage this behavior to retrieve the passwords.
70e6691798348933f72079d525b978bc0517e5c1f2d9ac8b96813c23d1234685This Metasploit exploit module leverages an improperly controlled modification of dynamically-determined object attributes vulnerability (CVE-2023-43177) to achieve unauthenticated remote code execution. This affects CrushFTP versions prior to 10.5.1. It is possible to set some user's session properties by sending an HTTP request with specially crafted Header key-value pairs. This enables an unauthenticated attacker to access files anywhere on the server file system and steal the session cookies of valid authenticated users. The attack consists in hijacking a user's session and escalates privileges to obtain full control of the target. Remote code execution is obtained by abusing the dynamic SQL driver loading and configuration testing feature.
fc2503cafa5ba3115896a3dc2baf8a4ded20d177d35f6003c3053acbcc5a8f5aGLPI versions 10.x.x suffers from a remote command execution vulnerability via the shell commands plugin.
0937b05f1fb5c8e26650b3ff3036018e86cdfd467308fd6c3e1b37d5aa588d9cWordPress WP Video Playlist plugin version 1.1.1 suffers from a persistent cross site scripting vulnerability.
44b6783873b84d60c9427dd76b9a98383fd7f993964765bebb0b876b91c1bedaBMC Compuware iStrobe Web version 20.13 suffers from a remote shell upload vulnerability.
3c3484f8fcc75a92702655ca438887e9feb947e1b2bba0fc5284d6ea230f3db7Kruxton version 1.0 suffers from a remote SQL injection vulnerability.
9848e498414e8e0e14e12064a9a285c3bc570dd55bd67b2940d83dc1a77c56cdKruxton version 1.0 suffers from a remote shell upload vulnerability.
eac82a8882065fad4041f5e76566b23a349a9bac77c6028731f1d06a43bc4ca4WBCE version 1.6.0 suffers from a remote SQL injection vulnerability.
18873adacfde1b4805b4a6b105109b6e4a03d0a85a9440207f1364a7e3ae897bAMPLE BILLS version 0.1 suffers from a remote SQL injection vulnerability.
d20b6ec27d1eeff141c08bd7cfa9127bb8953085c6f65df0d3f8a8e79abd9901PrusaSlicer versions 2.6.1 and below suffer from an arbitrary code execution vulnerability.
b34aa624a28c8476e02d0d03c7e6f3acee3206fcd6fe6d3cee5190899b172c4eMoodle version 3.10.1 suffers from a remote time-based SQL injection vulnerability.
e3ce711f4b8356d012259f34f7f227e8907a46d0f7af6bb3c35ce4c0de5a0e57Django REST Framework SimpleJWT versions 5.3.1 and below suffer from an information disclosure vulnerability.
0cf9167770cb06a14b145bf5a24a5c6ad91da1a8ea53c6113587115ec0fc17a4Jenkins version 2.441 suffers from a local file inclusion vulnerability.
bd541e95b84e90dc4cbb0bfe35af5cd5870fc359b6d836f3a3eb70857003a87aOpenClinic GA version 5.247.01 suffers from an information disclosure vulnerability.
2ff76ee23f3646bb23d72691d3d4f6a113f1d03e2ad22824d2636988ff0294f6OpenClinic GA version 5.247.01 suffers from an authenticated path traversal vulnerability.
0a16a99fea8a81ce4ac5a7f2ff88ffe98623e591f76c35f5e7c3d8893490aef0Online Fire Reporting System version 1.2 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
9342b7d21282ed54ce4702c6cda7276732332887ecb951f160125d0470ad7553Stock Management System version 1.0 suffers from a remote SQL injection vulnerability.
ee8f6806eb002eeb79308e1f582300e6c9e5c6963aed8ff7b5b730994fc80298Terratec dmx_6fire USB version 1.23.0.02 suffers from an unquoted service path vulnerability.
3b1ae38d17de2b6bb05d853af820ee9f6f5e2f2251357f5de9240f209b72112fThe Ray Project dashboard contains a CPU profiling page, and the format parameter is not validated before being inserted into a system command executed in a shell, allowing for arbitrary command execution. If the system is configured to allow passwordless sudo (a setup some Ray configurations require) this will result in a root shell being returned to the user. If not configured, a user level shell will be returned. Versions 2.6.3 and below are affected.
71d55c6a52e12ee9261d11d52085671ffd68404f5deb15af6740a69e8a217fbaWordPress Playlist for Youtube plugin version 1.32 suffers from a persistent cross site scripting vulnerability.
89bd57c1d15c2fdb70027b10bc188998968404fee02a9c3318c678b99724d195MinIO versions prior to 2024-01-31T20-20-33Z suffer from a privilege escalation vulnerability.
1fd596cf1466301a3fd1b25b9e0abbc97d0da47e2d4cbfabb6133bac6cd96055An access control issue in Trimble TM4Web version 22.2.0 allows unauthenticated attackers to access a specific crafted URL path to retrieve the last registration access code and use this access code to register a valid account. If the access code was used to create an Administrator account, attackers are also able to register new Administrator accounts with full rights and privileges.
f463a33e91d671de7054018540aff6f6ec53938dedf239b9646be10f49edfccfConcrete CMS version 9.2.7 suffers from information disclosure, open redirection, and persistent cross site scripting vulnerabilities.
a4e09ec269b6fd6e7d21fa37778ad6cc59fa7c6ed21097b3b6e52c179ba94e14
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed