Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-34210: ZUSO Generation 如梭世代

SQL Injection in create customer group function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to execute arbitrary SQL commands via the ctl00$ContentPlaceHolder1$txtCustSQL parameter.

CVE
Open in Source
#sql#vulnerability#git#auth
CVE-2023-34208: ZUSO Generation 如梭世代

Path Traversal in create template function in EasyUse MailHunter Ultimate 2023 and earlier allow remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive.

CVE-2023-34207: ZUSO Generation 如梭世代

Unrestricted upload of file with dangerous type vulnerability in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to perform arbitrary system commands with ‘NT Authority\SYSTEM‘ privilege via a crafted ZIP archive.

CVE-2022-43892: IBM Security Verify Privilege information disclosure CVE-2022-43892 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 does not validate, or incorrectly validates, a certificate which could disclose sensitive information which could aid further attacks against the system. IBM X-Force ID: 240455.

CVE-2022-43891: IBM Security Verify Privilege information disclosure CVE-2022-43891 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 240454.

CVE-2022-22385: IBM Security Verify Privilege information disclosure CVE-2022-22385 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 could disclose sensitive information to an attacked due to the transmission of data in clear text. IBM X-Force ID: 221962.

CVE-2022-22375: IBM Security Verify Privilege command execution CVE-2022-22375 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. IBM X-Force ID: 221681.

CVE-2022-43893: ELAN Microelectronics Miniport touchpad Windows driver denial of service CVE-2021-42205 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 could allow a privileged user to cause by using a malicious payload. IBM X-Force ID: 240634.

CVE-2021-38859: IBM Security Verify Privilege information disclosure CVE-2021-38859 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain version number information using a specially crafted HTTP request that could be used in further attacks against the system. IBM X-Force ID: 207899.

CVE-2021-20581: IBM Security Verify Privilege information disclosure CVE-2021-20581 Vulnerability Report

IBM Security Verify Privilege On-Premises 11.5 could allow a user to obtain sensitive information due to insufficient session expiration. IBM X-Force ID: 199324.