| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the system with service account privileges. The vulnerability is caused by an insufficient blacklist during the deserialization process. |
| A vulnerability in Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specific port. This can result in unauthorized access, enabling the user to call privileged methods and initiate critical services. The issue arises due to insufficient permission requirements on the method, allowing users with low privileges to perform actions that should require higher-level permissions. |
| A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credential enumeration and exploitation, leading to the leak of plaintext credentials to a malicious host. The attack is facilitated by improper usage of a method that allows operators to add a new host with an attacker-controlled IP, enabling them to retrieve sensitive credentials in plaintext. |
| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Livemesh Livemesh Addons for Elementor.This issue affects Livemesh Addons for Elementor: from n/a through 8.4.0. |
| Enabling Simple Ajax Uploader plugin included in Laragon open-source software allows for a remote code execution (RCE) attack via an improper input validation in a file_upload.php file which serves as an example.
By default, Laragon is not vulnerable until a user decides to use the aforementioned plugin. |
| A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting systems beyond the initial target and potentially leading to broader security vulnerabilities. |
| Kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_users.php. |
| kashipara E-learning Management System v1.0 is vulnerable to SQL Injection in /admin/delete_teacher.php, |
| A stored cross-site scripting (XSS) vulnerability in Alkacon OpenCMS v17.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the image parameter under the Create/Modify article function. |
| Cross Site Scripting vulnerability in Create/Modify article function in Alkacon OpenCMS 17.0 allows remote attacker to inject javascript payload via image title sub-field in the image field |
| code-projects Online Exam Mastering System 1.0 is vulnerable to Cross Site Scripting (XSS) in feedback.php via the "q" parameter allowing remote attackers to execute arbitrary code. |
| An arbitrary file upload vulnerability in the ueditor component of MCMS v5.4.3 allows attackers to execute arbitrary code via uploading a crafted file. |
| An issue in the component /member/index/login of yzmcms v7.0 allows attackers to direct users to malicious sites via a crafted URL. |
| An arbitrary File upload vulnerability exists in Novel-Plus v4.3.0-RC1 and prior versions at com.java2nb.system.controller.SysUserController: uploadImg(). An attacker can pass in specially crafted filename parameter to perform arbitrary File download. |
| The Popup Builder WordPress plugin before 4.2.6 does not validate a parameter before making a request to it, which could allow users with the administrator role to perform SSRF attack in Multisite WordPress configurations. |
| Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr.This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1.
In the affected versions, Solr ConfigSets accepted Java jar and class files to be uploaded through the ConfigSets API.
When backing up Solr Collections, these configSet files would be saved to disk when using the LocalFileSystemRepository (the default for backups).
If the backup was saved to a directory that Solr uses in its ClassPath/ClassLoaders, then the jar and class files would be available to use with any ConfigSet, trusted or untrusted.
When Solr is run in a secure way (Authorization enabled), as is strongly suggested, this vulnerability is limited to extending the Backup permissions with the ability to add libraries.
Users are recommended to upgrade to version 8.11.3 or 9.4.1, which fix the issue.
In these versions, the following protections have been added:
* Users are no longer able to upload files to a configSet that could be executed via a Java ClassLoader.
* The Backup API restricts saving backups to directories that are used in the ClassLoader. |
| In keyinstall, there is a possible memory corruption due to type confusion. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08157918; Issue ID: ALPS08157918. |
| An issue was discovered in Veritas NetBackup Flex Scale through 3.0 and Access Appliance through 8.0.100. A default password is persisted after installation and may be discovered and used to escalate privileges. |
| An issue was discovered in Veritas NetBackup Flex Scale through 3.0. An attacker with non-root privileges may escalate privileges to root by using specific commands. |
| Mastodon through 4.0.2 allows attackers to cause a denial of service (large Sidekiq pull queue) by creating bot accounts that follow attacker-controlled accounts on certain other servers associated with a wildcard DNS A record, such that there is uncontrolled recursion of attacker-generated messages. |
