RWS WorldServer versions 11.7.3 and below suffer from a session token enumeration vulnerability.
3809eddfb426d1ed940f1b902726114b7c7322dfe9d241fc6e98fd22830832ca
Ubuntu Security Notice 6237-1 - Hiroki Kurosawa discovered that curl incorrectly handled validating certain certificate wildcards. A remote attacker could possibly use this issue to spoof certain website certificates using IDN hosts. Hiroki Kurosawa discovered that curl incorrectly handled callbacks when certain options are set by applications. This could cause applications using curl to misbehave, resulting in information disclosure, or a denial of service.
51f46d8ba4e11574eb483e508710565644dc207c352aed8e601c8ec28e6a4ba4
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment to access restricted pages in the Openfire Admin Console reserved for administrative users. This Metasploit module will use the vulnerability to create a new admin user that will be used to upload an Openfire management plugin weaponized with a Java native payload that triggers remote code execution. This vulnerability affects all versions of Openfire that have been released since April 2015, starting with version 3.10.0. The problem has been patched in Openfire releases 4.7.5 and 4.6.8, and further improvements will be included in the first version on the 4.8 branch, which is version 4.8.0.
88a0702601cff01264e02916f842525d503acf8b450db38e6b24d4a2d9099b89
PaulPrinting CMS suffers from persistent cross site scripting vulnerabilities.
0b9b7ad7b52dff7dadc73e6b15ebce81609bbccc522be48093c9fc76d4869227
Red Hat Security Advisory 2023-4053-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.45. Issues addressed include a code execution vulnerability.
3bcde00c10f50e0c04e8bb156e955aa18c0b0fde3d60fb4c86dca74a55ed295e
ShowMojo MojoBox Digital Lockbox with firmware versions prior to 1.4 is vulnerable to authentication bypass. The implementation of the lock opening mechanism via Bluetooth Low Energy (BLE) is vulnerable to replay attacks.
c8d01ab621c05b5cf222dd8cb734378695bdd49996ea9fd01e1440dcdf9d4afc
Aures Booking and POS Terminal suffers from a local privilege escalation vulnerability.
65dcbce0dd25b1ee5a8f8ed1f420757b81a899961e2fd8df51f43e586fd4d3f1
This is a Linux/portable port of OpenBSD's excellent OpenSSH. OpenSSH is based on the last free version of Tatu Ylonen's SSH with all patent-encumbered algorithms removed, all known security bugs fixed, new features reintroduced, and many other clean-ups.
200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8
Ubuntu Security Notice 6236-1 - It was discovered that ConnMan could be made to write out of bounds. A remote attacker could possibly use this issue to cause ConnMan to crash, resulting in a denial of service, or possibly execute arbitrary code. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS. It was discovered that ConnMan could be made to leak sensitive information via the gdhcp component. A remote attacker could possibly use this issue to obtain information for further exploitation. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS.
f3894c0008a42ac92888785f910724c4ae5b50e31e7b89bdf6b252564b1bdb6f
Webile version 1.0.1 suffers from multiple cross site scripting vulnerabilities.
9f5ef29f2e536ba47a2d55d09865dd5fd682e893f3576420ebd9b11e81f44a03
Dooblou WiFi File Explorer version 1.13.3 suffers from multiple cross site scripting vulnerabilities.
fc057810667f574cf1a766dc21c16490b2720f260231453db7f897daf835bedd
Red Hat Security Advisory 2023-4204-01 - VolSync is a Kubernetes operator that enables asynchronous replication of persistent volumes within a cluster, or across clusters. After deploying the VolSync operator, it can create and maintain copies of your persistent data.
e28b9f4d75c6a5705f4b1069ef08aac3955a1d0c7eb2e93e2d4ebfbb62fbc557
PaulPrinting CMS suffers from a cross site scripting vulnerability.
1476838dfeb8caf84a49a3c37d8d86599c7d06983852e43569841ef23d18583a
Red Hat Security Advisory 2023-4201-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
a7d7554b6d74914a196337b5c2553010ed7ed00bbfd369756b272b6f2aa01588
Tiva Events Calender version 1.4 suffers from a persistent cross site scripting vulnerability.
ff6d43136930eb7be361f52eebe6e20e440999b2b18d5e0ec023055d03babdcd
Active Super Shop CMS version 2.5 suffers from an HTML injection vulnerability.
c721b298b72ab93ba44d36855084d2b6d6fc5a1941dd49801fe8154a10186b28
Red Hat Security Advisory 2023-4202-01 - WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Issues addressed include a code execution vulnerability.
f83c9132ee29579547e8f9c92f9007ae3c552152caee5d0e4d8338bfb5ae1760
Boom CMS version 8.0.7 suffers from a cross site scripting vulnerability.
946b502817cdfae4ddafbe5d6ea5c8846de4a8be41c8ba1e4f42c00f6ea8bded
Microsoft Office 365 version 18.2305.1222.0 suffers from a remote code execution vulnerability when a malicious link is clicked in a Word file.
7b4fc08e37b6434887181c5603d0fcdb5ef2c0caef143f547da4b1a8d70b9799
Red Hat Security Advisory 2023-4200-01 - A new release for Red Hat Build of OptaPlanner 8.38.0 for Quarkus 2.13.8 including security updates is now available. The purpose of this text-only errata is to inform you about the security issues fixed. Red Hat Product Security has rated this update as having an impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.
bc405a6019830ee64b8cccb664b61b110b2fc08ca6c32796b1b791ffae0bb212
The call for papers for Hardwear.io 2023 in the Netherlands is now open. It will take place November 2nd through the 3rd, 2023 at the Marriott Hotel, The Hague, Netherlands.
ec87fd1f62c43c5094a8b7edcbb92181ee748aea83102c2abf02a405cf32899b
Ubuntu Security Notice 6233-1 - It was discovered that YAJL was not properly performing bounds checks when decoding a string with escape sequences. If a user or automated system using YAJL were tricked into processing specially crafted input, an attacker could possibly use this issue to cause a denial of service. It was discovered that YAJL was not properly handling memory allocation when dealing with large inputs, which could lead to heap memory corruption. If a user or automated system using YAJL were tricked into running a specially crafted large input, an attacker could possibly use this issue to cause a denial of service.
dc76af79630bbfeaaf462528d36963309713ef6633d5dd1d737257cd112afad5
Clip Share version 4.1.4 suffers from a cross site scripting vulnerability.
f104b1e9de39e7d0bb70da284aab85d83380acd95357f1cdeaf43197d30dc724
Ciuis CRM version 1.0.7 suffers from an add administrator vulnerability.
2b286a02c597cbb32afc9266045e6da8b1c71e5dbceb7655aed5c7f1b146456e
Red Hat Security Advisory 2023-4203-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.
46c15e24854b58d292795c5f401e74c5dda9a33b793f95b1a91fc41e5a0d1e7b