@CodeColorist continues writing about bugs, such as CVE-2019-8521 and CVE-2019-8565 that provide a mechanism to elevate privileges to root on
Vulnerabilities
CVE-2022-38389
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing
CVE-2022-22486
IBM Tivoli Workload Scheduler 9.4, 9.5, and 10.1 is vulnerable to an XML External Entity Injection (XXE) attack when processing
Cisco releases patches for a high-severity vulnerability in devices running the Cisco IOx Application Hosting Environment
AI, Processor Advances Will Improve Application Security
CVE-2023-24574
Dell Enterprise SONiC OS, 3.5.3, 4.0.0, 4.0.1, 4.0.2, contains an “Uncontrolled Resource Consumption vulnerability” in authentication component. An unauthenticated remote
CVE-2023-0576
Server-Side Request Forgery (SSRF), Improperly Controlled Modification of Dynamically-Determined Object Attributes, Improper Restriction of Excessive Authentication Attempts vulnerability in Yugabyte
CVE-2023-0253
The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via
CVE-2022-48114
RuoYi up to v4.7.5 was discovered to contain a SQL injection vulnerability via the component /tool/gen/createTable. (National Vulnerability Database)
CVE-2022-48113
A vulnerability in TOTOLINK N200RE_v5 firmware V9.3.5u.6139 allows unauthenticated attackers to access the telnet service via a crafted POST request.
CVE-2019-15984 (data_center_network_manager)
WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization
Topic: WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization. Risk: Medium. Text: On January 16, 2023, the
NA – CVE-2023-23119 – The use of the cyclic redundancy check (CRC)…
NA – CVE-2023-23110 – An exploitable firmware modification…
Control Web Panel Unauthenticated Remote Command Execution
Topic: Control Web Panel Unauthenticated Remote Command Execution. Risk: High. Text: ## # This module requires Metasploit: https://metasploit.com/download # Current source:
Hikvision Remote Code Execution / XSS / SQL Injection
Topic: Hikvision Remote Code Execution / XSS / SQL Injection. Risk: Medium. Text: Detailed Information Product Name: Hikvision Vendor Home Page:
eCommerce Marketplace Platform CMS 1.7 SQL Injection
Topic: eCommerce Marketplace Platform CMS 1.7 SQL Injection. Risk: Medium. Text: … (CXSECURITY Database RSS Feed – CXSecurity.com)
CVE-2023-0639
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01 and classified as problematic. This issue affects some unknown processing of the
Over 30k Internet-Exposed QNAP NAS hosts impacted by CVE-2022-27596 flaw
Antivirus vs Firewall: What Are the Differences?
CVE-2023-0400
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to
CVE-2023-0640
A vulnerability was found in TRENDnet TEW-652BRP 3.04b01. It has been classified as critical. Affected is an unknown function of
CVE-2023-0641
A vulnerability was found in PHPGurukul Employee Leaves Management System 1.0. It has been declared as problematic. Affected by this
CVE-2022-2546
The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response
Unpatched Econolite Traffic Controller Vulnerabilities Allow Remote Hacking
Improper input validation in IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data
Multiple vulnerabilities in IBM Watson Discovery Cartridge for IBM Cloud Pak for Data
CVE-2023-0637
A vulnerability, which was classified as critical, was found in TRENDnet TEW-811DRU 1.0.10.0. This affects an unknown part of the
CVE-2023-0638
A vulnerability has been found in TRENDnet TEW-811DRU 1.0.10.0 and classified as critical. This vulnerability affects unknown code of the
CVE-2022-43665
A denial of service vulnerability exists in the malware scan functionality of ESTsoft Alyac 2.5.8.645. A specially-crafted PE file can
Multiple vulnerabilities in IBM i
Multiple vulnerabilities in IBM WebSphere Application Server Patterns
Lack of access control in Oracle Hyperion Provider Services APS/JAPI version 11.1.2.5
Multiple vulnerabilities in Oracle EAS Console version 11.1.2.0
ESTsoft Alyac NT header out of bounds read
Multiple vulnerabilities in Oracle EPM Workspace version 11.2.3.0.0.05
6 Ransomware Trends & Evolutions For 2023
CVE-2023-25015
Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF. (National Vulnerability Database)
CVE-2023-25013
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing
CVE-2023-25014
An issue was discovered in the femanager extension before 5.5.3, 6.x before 6.3.4, and 7.x before 7.1.0 for TYPO3. Missing
Debian update for openjdk-17
ISC StormCast for Thursday, February 2nd, 2023
Slackware: 2023-032-01: apr Security Update
New apr packages are available for Slackware 15.0 and -current to fix security issues. (LinuxSecurity – Security Advisories)
Debian LTS: DLA-3306-1: python-django security update
Slackware: 2023-032-03: mozilla-thunderbird Security Update
New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix a security issue. (LinuxSecurity – Security Advisories)
Slackware: 2023-032-02: apr-util Security Update
New apr-util packages are available for Slackware 15.0 and -current to fix a security issue. (LinuxSecurity – Security Advisories)
CVE-2022-45782
An issue was discovered in dotCMS core 5.3.8.5 through 5.3.8.15 and 21.03 through 22.10.1. A cryptographically insecure random generation algorithm
CVE-2022-45783
An issue was discovered in dotCMS core 4.x through 22.10.2. An authenticated directory traversal vulnerability in the dotCMS API can
CVE-2022-47872
maccms10 2021.1000.2000 is vulnerable to Server-side request forgery (SSRF). (National Vulnerability Database)
io_uring Same Type Object Reuse Privilege Escalation
CVE-2023-23750
An issue was discovered in Joomla! 4.0.0 through 4.2.6. A missing token check causes a CSRF vulnerability in the handling
CVE-2023-23751
An issue was discovered in Joomla! 4.0.0 through 4.2.4. A missing ACL check allows non super-admin users to access com_actionlogs.
vmwgfx Driver File Descriptor Handling Privilege Escalation
CVE-2023-0599
Rapid7 Metasploit Pro versions 4.21.2 and lower suffer from a stored cross site scripting vulnerability, due to a lack of
Rapid7’s Metasploit Framework 6.3 is now available
Up to 29,000 unpatched QNAP storage devices are sitting ducks to ransomware
Apple stops signing iOS 16.2 following the release of iOS 16.3 to the public
CVE-2022-37034
In dotCMS 5.x-22.06, it is possible to call the TempResource multiple times, each time requesting the dotCMS server to download
CVE-2023-25012
The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED
CVE-2023-20073 | Cisco RV340/RV340W/RV345/RV345P unrestricted upload (cisco-sa-sb-rv-afu-EXxwA65V)
A vulnerability classified as critical has been found in Cisco RV340, RV340W, RV345 and RV345P. This affects an unknown part.
CVE-2023-20076 | Cisco IOS IOx Application Hosting Environment command injection (cisco-sa-iox-8whGn5dL)
A vulnerability was found in Cisco IOS. It has been rated as critical. Affected by this issue is some unknown
CVE-2023-20023 | Cisco Identity Services Engine CLI command injection (cisco-sa-ise-os-injection-pxhKsDM)
A vulnerability has been found in Cisco Identity Services Engine and classified as critical. Affected by this vulnerability is an
CVE-2023-20022 | Cisco Identity Services Engine CLI command injection (cisco-sa-ise-os-injection-pxhKsDM)
A vulnerability, which was classified as critical, was found in Cisco Identity Services Engine. Affected is an unknown function of
CVE-2023-20021 | Cisco Identity Services Engine CLI command injection (cisco-sa-ise-os-injection-pxhKsDM)
A vulnerability, which was classified as critical, has been found in Cisco Identity Services Engine. This issue affects some unknown
CVE-2023-20030 | Cisco Identity Services Engine xml external entity reference (cisco-sa-ise-xxe-inj-GecEHY58)
A vulnerability classified as problematic was found in Cisco Identity Services Engine. This vulnerability affects unknown code. The manipulation leads
CVE-2023-22284
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes:
CVE-2023-0619
The Kraken.io Image Optimizer plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its
CVE-2022-46934
kkFileView v4.1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the url parameter at /controller/OnlinePreviewController.java. (National Vulnerability Database)
CVE-2023-20068 | Cisco Prime Infrastructure cross site scripting (cisco-sa-cisco-pi-xss-PU6dnfD9)
A vulnerability was found in Cisco Prime Infrastructure and classified as problematic. Affected by this issue is some unknown functionality.
CVE-2023-23075
Cross Site Scripting (XSS) vulnerability in Zoho Asset Explorer 6.9 via the credential name when creating a new Assets Workstation.
CVE-2023-23076
OS Command injection vulnerability in Support Center Plus 11 via Executor in Action when creating new schedules. (National Vulnerability Database)
CVE-2023-23074
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via embedding videos in the language component. (National Vulnerability Database)
CVE-2023-22287
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes:
CVE-2023-23073
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via PO in the purchase component. (National Vulnerability Database)
CVE-2023-23078
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 14 via the comment field when changing the credentials in
CVE-2023-23077
Cross site scripting (XSS) vulnerability in Zoho ManageEngine ServiceDesk Plus 13 via the comment field when adding a new status
QNAP’s NAS devices affected by a new critical security issue, patches are available
CVE-2023-22340
On BIG-IP versions 16.1.x before 16.1.3.3, 15.1.x before 15.1.8, 14.1.x before 14.1.5.3, and all versions of 13.1.x, when a SIP
CVE-2022-47983
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in
CVE-2023-22374
In BIG-IP starting in versions 17.0.0, 16.1.2.2, 15.1.5.1, 14.1.4.6, and 13.1.5 on their respective branches, a format string vulnerability exists