www.secnews.physaphae.fr This is the RSS 2.0 feed from www.secnews.physaphae.fr. It's a simple aggregated flow of multiple article sources. The list of sources can be found on www.secnews.physaphae.fr. 2024-06-02T07:48:56+00:00 www.secnews.physaphae.fr CVE Liste - Common Vulnerability Exposure CVE-2023-45761 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45761 www.secnews.physaphae.fr/article.php?IdArticle=8400408 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45758 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45758 www.secnews.physaphae.fr/article.php?IdArticle=8400406 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45759 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45759 www.secnews.physaphae.fr/article.php?IdArticle=8400407 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45764 Auth.
(admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Scroll post excerpt plugin 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45764 www.secnews.physaphae.fr/article.php?IdArticle=8400409 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45770 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45770 www.secnews.physaphae.fr/article.php?IdArticle=8400413 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45829 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45829 www.secnews.physaphae.fr/article.php?IdArticle=8400415 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45767 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45767 www.secnews.physaphae.fr/article.php?IdArticle=8400410 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45769 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45769 www.secnews.physaphae.fr/article.php?IdArticle=8400412 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45768 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45768 www.secnews.physaphae.fr/article.php?IdArticle=8400411 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45755 2023-10-25T18:17:34+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45755 www.secnews.physaphae.fr/article.php?IdArticle=8400404 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45554 File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via modification of the imageext parameter from jpg, jpeg,gif, and png to jpg, jpeg,gif, png, pphphp. 2023-10-25T18:17:33+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45554 www.secnews.physaphae.fr/article.php?IdArticle=8400394 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45747 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45747 www.secnews.physaphae.fr/article.php?IdArticle=8400401 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45640 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45640 www.secnews.physaphae.fr/article.php?IdArticle=8400398 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45646 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45646 www.secnews.physaphae.fr/article.php?IdArticle=8400400 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45750 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45750 www.secnews.physaphae.fr/article.php?IdArticle=8400402 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45754 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45754 www.secnews.physaphae.fr/article.php?IdArticle=8400403 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45555 File Upload vulnerability in zzzCMS v.2.1.9 allows a remote attacker to execute arbitrary code via a crafted file to the down_url function in zzz.php file. 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45555 www.secnews.physaphae.fr/article.php?IdArticle=8400395 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45637 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45637 www.secnews.physaphae.fr/article.php?IdArticle=8400397 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45644
2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45644 www.secnews.physaphae.fr/article.php?IdArticle=8400399 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-45634 2023-10-25T18:17:33+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-45634 www.secnews.physaphae.fr/article.php?IdArticle=8400396 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44767 A File upload vulnerability in RiteCMS 3.0 allows a local attacker to upload a SVG file with XSS content. 2023-10-25T18:17:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44767 www.secnews.physaphae.fr/article.php?IdArticle=8400389 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43510 A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a non-privileged user on the underlying operating system leading to partial system compromise. 2023-10-25T18:17:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43510 www.secnews.physaphae.fr/article.php?IdArticle=8400386 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43509 A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard.
These notifications can then be used to phish users or trick them into downloading malicious software. 2023-10-25T18:17:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43509 www.secnews.physaphae.fr/article.php?IdArticle=8400385 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44769 A Cross-Site Scripting (XSS) vulnerability in Zenario CMS v.9.4.59197 allows a local attacker to execute arbitrary code via a crafted script to the Spare aliases from Alias. 2023-10-25T18:17:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44769 www.secnews.physaphae.fr/article.php?IdArticle=8400390 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43795 GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The OGC Web Processing Service (WPS) specification is designed to process information from any server using GET and POST requests. This presents the opportunity for Server Side Request Forgery. This vulnerability has been patched in version 2.22.5 and 2.23.2. 2023-10-25T18:17:32+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43795 www.secnews.physaphae.fr/article.php?IdArticle=8400387 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41960 The vulnerability allows an unprivileged (untrusted) third-party application to interact with a content-provider unsafely exposed by the Android Agent application, potentially modifying sensitive settings of the Android Client application itself. 2023-10-25T18:17:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41960 www.secnews.physaphae.fr/article.php?IdArticle=8400348 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43506 A vulnerability in the ClearPass OnGuard Linux agent could allow malicious users on a Linux instance to elevate their user privileges to those of a higher role.
A successful exploit allows malicious users to execute arbitrary code with root level privileges on the Linux instance. 2023-10-25T18:17:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43506 www.secnews.physaphae.fr/article.php?IdArticle=8400382 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43507 A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an authenticated remote attacker to conduct SQL injection attacks against the ClearPass Policy Manager instance. An attacker could exploit this vulnerability to obtain and modify sensitive information in the underlying database potentially leading to complete compromise of the ClearPass Policy Manager cluster. 2023-10-25T18:17:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43507 www.secnews.physaphae.fr/article.php?IdArticle=8400383 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43488 The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB. 2023-10-25T18:17:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43488 www.secnews.physaphae.fr/article.php?IdArticle=8400381 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43360 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Top Directory parameter in the File Picker Menu component. 2023-10-25T18:17:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43360 www.secnews.physaphae.fr/article.php?IdArticle=8400380 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43508
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. Successful exploitation of these vulnerabilities allows an attacker to complete state-changing actions in the web-based management interface that should not be allowed by their current level of authorization on the platform. 2023-10-25T18:17:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43508 www.secnews.physaphae.fr/article.php?IdArticle=8400384 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43281 Double Free vulnerability in Nothings Stb Image.h v.2.28 allows a remote attacker to cause a denial of service via a crafted file to the stbi_load_gif_main function. 2023-10-25T18:17:31+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43281 www.secnews.physaphae.fr/article.php?IdArticle=8400379 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41255 The vulnerability allows an unprivileged user with access to the subnet of the TPC-110W device to gain a root shell on the device itself abusing the lack of authentication of the ‘su’ binary file installed on the device that can be accessed through the ADB (Android Debug Bridge) protocol exposed on the network. 2023-10-25T18:17:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41255 www.secnews.physaphae.fr/article.php?IdArticle=8400344 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41339 GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an ``sld=`` parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling".
Enabling the use of dynamic styles, without also configuring URL checks, provides the opportunity for Service Side Request Forgery. This vulnerability can be used to steal user NetNTLMv2 hashes which could be relayed or cracked externally to gain further access. This vulnerability has been patched in versions 2.22.5 and 2.23.2. 2023-10-25T18:17:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41339 www.secnews.physaphae.fr/article.php?IdArticle=8400345 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-41372 The vulnerability allows an unprivileged (untrusted) third-party application to arbitrarily modify the server settings of the Android Client application, inducing it to connect to an attacker-controlled malicious server. This is possible by forging a valid broadcast intent encrypted with a hardcoded RSA key pair 2023-10-25T18:17:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-41372 www.secnews.physaphae.fr/article.php?IdArticle=8400346 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-3112 A vulnerability was reported in Elliptic Labs Virtual Lock Sensor for ThinkPad T14 Gen 3 that could allow an attacker with local access to execute code with elevated privileges. 2023-10-25T18:17:30+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-3112 www.secnews.physaphae.fr/article.php?IdArticle=8400292 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39930 A first-factor authentication bypass vulnerability exists in the PingFederate with PingID Radius PCV when a MSCHAP authentication request is sent via a maliciously crafted RADIUS client request. 2023-10-25T18:17:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39930 www.secnews.physaphae.fr/article.php?IdArticle=8400327 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-39231 PingFederate using the PingOne MFA adapter
allows a new MFA device to be paired without requiring second factor authentication from an existing registered device. A threat actor may be able to exploit this vulnerability to register their own MFA device if they have knowledge of a victim user's first factor credentials. 2023-10-25T18:17:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39231 www.secnews.physaphae.fr/article.php?IdArticle=8400312 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-39924 2023-10-25T18:17:29+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-39924 www.secnews.physaphae.fr/article.php?IdArticle=8400326 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-37913 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server as long as the Java process has write access to that location. In particular in the combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce but it is also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API which doesn't remove `/` or `\` from the filename. As the mime type of the attachment doesn't matter for the exploitation, this could e.g., be used to replace the `jar`-file of an extension which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1.
There are no known workarounds apart from disabling the office converter. 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37913 www.secnews.physaphae.fr/article.php?IdArticle=8400309 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-36085 The sisqualWFM 7.1.319.103 thru 7.1.319.111 for Android, has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to phishing attacks, malware distribution, and unauthorized access to sensitive resources. 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-36085 www.secnews.physaphae.fr/article.php?IdArticle=8400302 False Malware,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-37912 XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1.
There is no workaround apart from upgrading to a fixed version of the footnote macro. 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37912 www.secnews.physaphae.fr/article.php?IdArticle=8400308 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-37910 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version. 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37910 www.secnews.physaphae.fr/article.php?IdArticle=8400306 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-37911 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document.
This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole. 2023-10-25T18:17:28+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37911 www.secnews.physaphae.fr/article.php?IdArticle=8400307 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-34048 vCenter Server contains an out-of-bounds write vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access to vCenter Server may trigger an out-of-bounds write potentially leading to remote code execution. 2023-10-25T18:17:27+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-34048 www.secnews.physaphae.fr/article.php?IdArticle=8400297 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-26219 The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers.
Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below. 2023-10-25T18:17:25+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-26219 www.secnews.physaphae.fr/article.php?IdArticle=8400259 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-25032 2023-10-25T18:17:24+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-25032 www.secnews.physaphae.fr/article.php?IdArticle=8400258 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-20273 A vulnerability in the web UI feature of Cisco IOS XE Software could allow an authenticated, remote attacker to inject commands with the privileges of root. This vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by sending crafted input to the web UI. A successful exploit could allow the attacker to inject commands to the underlying operating system with root privileges. 2023-10-25T18:17:23+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-20273 www.secnews.physaphae.fr/article.php?IdArticle=8400256 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-23767 Incorrect Permission Assignment for Critical Resource in GitHub Enterprise Server that allowed local operating system user accounts to read MySQL connection details including the MySQL password via configuration files.
This vulnerability affected all versions of GitHub Enterprise Server and was fixed in versions 3.7.18, 3.8.11, 3.9.6, and 3.10.3. 2023-10-25T18:17:23+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-23767 www.secnews.physaphae.fr/article.php?IdArticle=8400257 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-3699 A privilege escalation vulnerability was reported in the Lenovo HardwareScanPlugin prior to version 1.3.1.2 and Lenovo Diagnostics prior to version 4.45 that could allow a local user to execute code with elevated privileges. 2023-10-25T18:17:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3699 www.secnews.physaphae.fr/article.php?IdArticle=8400252 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-3698 A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. 2023-10-25T18:17:15+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-3698 www.secnews.physaphae.fr/article.php?IdArticle=8400251 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-38485 A directory traversal vulnerability exists in the AgeVolt Portal prior to version 0.1 that leads to Information Disclosure. A remote authenticated attacker could leverage this vulnerability to read files from any location on the target operating system with web server privileges. 2023-10-25T18:17:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38485 www.secnews.physaphae.fr/article.php?IdArticle=8400254 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-38484 An arbitrary file upload and directory traversal vulnerability exist in the file upload functionality of the System Setup menu in AgeVolt Portal prior to version 0.1.
A remote authenticated attacker could leverage this vulnerability to upload files to any location on the target operating system with web server privileges. 2023-10-25T18:17:14+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-38484 www.secnews.physaphae.fr/article.php?IdArticle=8400253 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2022-0353 A denial of service vulnerability was reported in the Lenovo HardwareScanPlugin versions prior to 1.3.1.2 and Lenovo Diagnostics versions prior to 4.45 that could allow a local user with administrative access to trigger a system crash. 2023-10-25T18:16:54+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-0353 www.secnews.physaphae.fr/article.php?IdArticle=8400250 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46059 Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the Service, and website URL to Ping parameters of the admin/trackback.php component. 2023-10-24T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46059 www.secnews.physaphae.fr/article.php?IdArticle=8399595 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46058 Cross Site Scripting (XSS) vulnerability in Geeklog-Core geeklog v.2.2.2 allows a remote attacker to execute arbitrary code via a crafted payload to the grp_desc parameter of the admin/group.php component. 2023-10-24T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46058 www.secnews.physaphae.fr/article.php?IdArticle=8399594 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43358 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Title parameter in the News Menu component. 2023-10-23T22:15:09+00:00
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43358 www.secnews.physaphae.fr/article.php?IdArticle=8399524 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-44760 Multiple Cross Site Scripting (XSS) vulnerabilities in Concrete CMS v.9.2.1 allow an attacker to execute arbitrary code via a crafted script to the Header and Footer Tracking Codes of the SEO & Statistics. 2023-10-23T22:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-44760 www.secnews.physaphae.fr/article.php?IdArticle=8399525 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-37636 A stored cross-site scripting (XSS) vulnerability in UVDesk Community Skeleton v1.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field when creating a ticket. 2023-10-23T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37636 www.secnews.physaphae.fr/article.php?IdArticle=8399493 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-33840 IBM Security Verify Governance 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
IBM X-Force ID: 256037. 2023-10-23T20:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-33840 www.secnews.physaphae.fr/article.php?IdArticle=8399491 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27148 A stored cross-site scripting (XSS) vulnerability in the Admin panel in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Role Name parameter. 2023-10-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27148 www.secnews.physaphae.fr/article.php?IdArticle=8399486 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-27149 A stored cross-site scripting (XSS) vulnerability in Enhancesoft osTicket v1.17.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Label input parameter when updating a custom list. 2023-10-23T20:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-27149 www.secnews.physaphae.fr/article.php?IdArticle=8399487 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46288 Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflow. This issue affects Apache Airflow from 2.4.0 to 2.7.0. Sensitive configuration information has been exposed to authenticated users with the ability to read configuration via Airflow REST API for configuration even when the expose_config option is set to non-sensitive-only. The expose_config option is False by default. It is recommended to upgrade to a version that is not affected if you set expose_config to non-sensitive-only configuration. This is a different error than CVE-2023-45348 which allows authenticated user to retrieve individual configuration values in 2.7.* by specially crafting their request (solved in 2.7.2).
Users are recommended to upgrade to version 2.7.2, which fixes the issue and additionally fixes CVE-2023-45348. 2023-10-23T19:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46288 www.secnews.physaphae.fr/article.php?IdArticle=8399454 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38722 IBM Sterling Partner Engagement Manager 6.1.2, 6.2.0, and 6.2.2 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 262174. 2023-10-23T18:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38722 www.secnews.physaphae.fr/article.php?IdArticle=8399452 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43067 Dell Unity prior to 5.3 contains an XML External Entity injection vulnerability. An XXE attack could potentially exploit this vulnerability disclosing local files in the file system. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43067 www.secnews.physaphae.fr/article.php?IdArticle=8399412 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-43066 Dell Unity prior to 5.3 contains a Restricted Shell Bypass vulnerability. This could allow an authenticated, local attacker to exploit this vulnerability by authenticating to the device CLI and issuing certain commands. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43066 www.secnews.physaphae.fr/article.php?IdArticle=8399411 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46122 sbt is a build tool for Scala, Java, and others. Given a specially crafted zip or JAR file, `IO.unzip` allows writing of arbitrary file.
This would have potential to overwrite `/root/.ssh/authorized_keys`. Within sbt's main code, `IO.unzip` is used in `pullRemoteCache` task and `Resolvers.remote`; however many projects use `IO.unzip(...)` directly to implement custom tasks. This vulnerability has been patched in version 1.9.7. 2023-10-23T16:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46122 www.secnews.physaphae.fr/article.php?IdArticle=8399413 False Tool,Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46127 Frappe is a full-stack web application framework that uses Python and MariaDB on the server side and an integrated client side library. A malicious Frappe user with desk access could create documents containing HTML payloads allowing HTML Injection. This vulnerability has been patched in version 14.49.0. 2023-10-23T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46127 www.secnews.physaphae.fr/article.php?IdArticle=8399369 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43074 Dell Unity 5.3 contains an Arbitrary File Creation vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by crafting arbitrary files through a request to the server. 2023-10-23T15:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43074 www.secnews.physaphae.fr/article.php?IdArticle=8399368 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2021-26736 Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path.
A local adversary may be able to execute code with SYSTEM privileges. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26736 www.secnews.physaphae.fr/article.php?IdArticle=8399356 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2021-26738 Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-26738 www.secnews.physaphae.fr/article.php?IdArticle=8399358 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28796 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28796 www.secnews.physaphae.fr/article.php?IdArticle=8399361 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28793 Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28793 www.secnews.physaphae.fr/article.php?IdArticle=8399359 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28795 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process.
This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28795 www.secnews.physaphae.fr/article.php?IdArticle=8399360 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28804 An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28804 www.secnews.physaphae.fr/article.php?IdArticle=8399364 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-28805 An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105. 2023-10-23T14:15:09+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-28805 www.secnews.physaphae.fr/article.php?IdArticle=8399365 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-31122 Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.57. 2023-10-23T07:15:11+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-31122 www.secnews.physaphae.fr/article.php?IdArticle=8399251 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5702 A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243140.
NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-23T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5702 www.secnews.physaphae.fr/article.php?IdArticle=8399172 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5701 A vulnerability has been found in vnotex vnote up to 3.17.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component Markdown File Handler. The manipulation with the input Click here leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243139. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-23T01:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5701 www.secnews.physaphae.fr/article.php?IdArticle=8399171 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5697 A vulnerability classified as problematic has been found in CodeAstro Internet Banking System 1.0. This affects an unknown part of the file pages_withdraw_money.php.
The manipulation of the argument account_number with the input 287359614-->alert(1234) 2023-10-23T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5697 www.secnews.physaphae.fr/article.php?IdArticle=8399167 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5698 2023-10-23T00:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5698 www.secnews.physaphae.fr/article.php?IdArticle=8399168 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5696 2023-10-22T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5696 www.secnews.physaphae.fr/article.php?IdArticle=8399097 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5695 A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file pages_reset_pwd.php. The manipulation of the argument email with the input testing%40example.com'%26%25alert(9860) leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243133 was assigned to this vulnerability. 2023-10-22T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5695 www.secnews.physaphae.fr/article.php?IdArticle=8399096 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5693 A vulnerability was found in CodeAstro Internet Banking System 1.0 and classified as critical. This issue affects some unknown processing of the file pages_reset_pwd.php. The manipulation of the argument email leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
The associated identifier of this vulnerability is VDB-243131. 2023-10-22T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5693 www.secnews.physaphae.fr/article.php?IdArticle=8399094 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5694 A vulnerability was found in CodeAstro Internet Banking System 1.0. It has been classified as problematic. Affected is an unknown function of the file pages_system_settings.php. The manipulation of the argument sys_name with the input alert(991) leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-243132. 2023-10-22T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5694 www.secnews.physaphae.fr/article.php?IdArticle=8399095 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-46095 2023-10-22T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46095 www.secnews.physaphae.fr/article.php?IdArticle=8399091 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46089 2023-10-22T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46089 www.secnews.physaphae.fr/article.php?IdArticle=8399090 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46085 2023-10-22T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46085 www.secnews.physaphae.fr/article.php?IdArticle=8399089 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-38735 IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site.
IBM X-Force ID: 262482. 2023-10-22T02:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38735 www.secnews.physaphae.fr/article.php?IdArticle=8398848 False Vulnerability,Threat,Cloud None None CVE Liste - Common Vulnerability Exposure CVE-2023-46078 2023-10-21T22:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46078 www.secnews.physaphae.fr/article.php?IdArticle=8398785 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46067 2023-10-21T21:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46067 www.secnews.physaphae.fr/article.php?IdArticle=8398760 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-4939 The SALESmanago plugin for WordPress is vulnerable to Log Injection in versions up to, and including, 3.2.4. This is due to the use of a weak authentication token for the /wp-json/salesmanago/v1/callbackApiV3 API endpoint which is simply a SHA1 hash of the site URL and client ID found in the page source of the website.
This makes it possible for unauthenticated attackers to inject arbitrary content into the log files, and when combined with another vulnerability this could have significant consequences. 2023-10-21T08:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-4939 www.secnews.physaphae.fr/article.php?IdArticle=8398605 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-46054 Cross Site Scripting (XSS) vulnerability in WBCE CMS v.1.6.1 and before allows a remote attacker to escalate privileges via a crafted script to the website_footer parameter in the admin/settings/save.php component. 2023-10-21T07:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-46054 www.secnews.physaphae.fr/article.php?IdArticle=8398602 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-5684 A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231012. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /importexport.php. The manipulation leads to os command injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-243061 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-21T07:15:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5684 www.secnews.physaphae.fr/article.php?IdArticle=8398608 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-5683 A vulnerability was found in Beijing Baichuo Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btn_file_renew leads to os command injection. The attack may be initiated remotely.
The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-243059. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. 2023-10-21T05:16:07+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-5683 www.secnews.physaphae.fr/article.php?IdArticle=8398607 False Vulnerability,Threat None None CVE Liste - Common Vulnerability Exposure CVE-2023-43346 Cross-site scripting (XSS) vulnerability in opensolution Quick CMS v.6.7 allows a local attacker to execute arbitrary code via a crafted script to the Backend - Dashboard parameter in the Languages Menu component. 2023-10-20T23:15:08+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43346 www.secnews.physaphae.fr/article.php?IdArticle=8398452 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43355 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the password and password again parameters in the My Preferences - Add user component. 2023-10-20T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43355 www.secnews.physaphae.fr/article.php?IdArticle=8398455 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43354 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Profiles parameter in the Extensions - MicroTiny WYSIWYG editor component. 2023-10-20T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43354 www.secnews.physaphae.fr/article.php?IdArticle=8398454 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43353 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the extra parameter in the news menu component.
2023-10-20T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43353 www.secnews.physaphae.fr/article.php?IdArticle=8398453 False Vulnerability None None CVE Liste - Common Vulnerability Exposure CVE-2023-43356 Cross Site Scripting vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to execute arbitrary code via a crafted script to the Global Metadata parameter in the Global Settings Menu component. 2023-10-20T22:15:10+00:00 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43356 www.secnews.physaphae.fr/article.php?IdArticle=8398456 False Vulnerability None None