Security
Headlines
HeadlinesLatestCVEs

Source

CVE

CVE-2023-41717: GitHub - federella/CVE-2023-41717: This repository is to provide a write-up and PoC for CVE-2023-41717.

Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.

CVE
Open in Source
#vulnerability#microsoft#git#intel#perl
CVE-2022-46868

Local privilege escalation during recovery due to improper soft link handling. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173.

CVE-2022-45451

Local privilege escalation due to insecure driver communication port permissions. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40173, Acronis Agent (Windows) before build 30600, Acronis Cyber Protect 15 (Windows) before build 30984.

CVE-2023-41742

Excessive attack surface due to binding to an unrestricted IP address. The following products are affected: Acronis Agent (Linux, macOS, Windows) before build 30430, Acronis Cyber Protect 15 (Linux, macOS, Windows) before build 35979.

CVE-2023-41638: Disclosure/CVE PoC/CVE-ID | RealGimm - RCE via Unrestricted File Upload.md at main · CapgeminiCisRedTeam/Disclosure

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file.

CVE-2023-41637: Disclosure/CVE PoC/CVE-ID | RealGimm - Stored Cross-site Scripting.md at main · CapgeminiCisRedTeam/Disclosure

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file.

CVE-2023-41642: Disclosure/CVE PoC/CVE-ID | RealGimm - Reflected Cross-site Scripting.md at main · CapgeminiCisRedTeam/Disclosure

Multiple reflected cross-site scripting (XSS) vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter.

CVE-2023-41635: Disclosure/CVE PoC/CVE-ID | RealGimm - XML External Entity Injection.md at main · CapgeminiCisRedTeam/Disclosure

A XML External Entity (XXE) vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file.

CVE-2023-41640: Disclosure/CVE PoC/CVE-ID | RealGimm - Information disclosure.md at main · CapgeminiCisRedTeam/Disclosure

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query.

CVE-2023-41636: Disclosure/CVE PoC/CVE-ID | RealGimm - SQL Injection(1).md at main · CapgeminiCisRedTeam/Disclosure

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query.