CVE-2022-41217
Cloudflow contains a unauthenticated file upload vulnerability, which makes it possible for an attacker to upload malicious files to the CLOUDFLOW PROOFSCOPE built-in storage.
Source: CVE-2022-41217
[월:] 2023년 02월
CVE-2023-0949
CVE-2023-0949
Cross-site Scripting (XSS) – Reflected in GitHub repository modoboa/modoboa prior to 2.0.5.
Source: CVE-2023-0949
CVE-2023-26314
CVE-2023-26314
The mono package before 6.8.0.105+dfsg-3.3 for Debian allows arbitrary code execution because the application/x-ms-dos-executable MIME type is associated with an un-sandboxed Mono CLR interpreter.
Source: CVE-2023-26314
CVE-2023-24108
CVE-2023-24108
MvcTools 6d48cd6830fc1df1d8c9d61caa1805fd6a1b7737 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.
Source: CVE-2023-24108
CVE-2023-24107
CVE-2023-24107
hour_of_code_python_2015 commit 520929797b9ca43bb818b2e8f963fb2025459fa3 was discovered to contain a code execution backdoor via the request package (requirements.txt). This vulnerability allows attackers to access sensitive user information and execute arbitrary code.
Source: CVE-2023-24107
CVE-2023-0947
CVE-2023-0947
Path Traversal in GitHub repository flatpressblog/flatpress prior to 1.3.
Source: CVE-2023-0947
CVE-2022-2883
CVE-2022-2883
In affected versions of Octopus Deploy it is possible to upload a zipbomb file as a task which results in Denial of Service
Source: CVE-2022-2883
CVE-2022-38779
CVE-2022-38779
An open redirect issue was discovered in Kibana that could lead to a user being redirected to an arbitrary website if they use a maliciously crafted Kibana URL.
Source: CVE-2022-38779
CVE-2023-20855
CVE-2023-20855
VMware vRealize Orchestrator contains an XML External Entity (XXE) vulnerability. A malicious actor, with non-administrative access to vRealize Orchestrator, may be able to use specially crafted input to bypass XML parsing restrictions leading to access to sensitive information or possible escalation of privileges.
Source: CVE-2023-20855
CVE-2023-20858
CVE-2023-20858
VMware Carbon Black App Control 8.7.x prior to 8.7.8, 8.8.x prior to 8.8.6, and 8.9.x.prior to 8.9.4 contain an injection vulnerability. A malicious actor with privileged access to the App Control administration console may be able to use specially crafted input allowing access to the underlying server operating system.
Source: CVE-2023-20858