#js

A vulnerability was found in SourceCodester Online Computer and Laptop Store 1.0 and classified as critical. This issue affects some unknown processing of the file /classes/Master.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-228803.

Red Hat Security Advisory 2023-2713-01 - Red Hat Single Sign-On 7.6 is a standalone server, based on the Keycloak project, that provides authentication and standards-based single sign-on capabilities for web and mobile applications. This release of Red Hat Single Sign-On 7.6.3 serves as a replacement for Red Hat Single Sign-On 7.6.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include denial of service and information leakage vulnerabilities.

Red Hat Security Advisory 2023-2029-01 - The OpenShift Security Profiles Operator v0.7.0 is now available. Issues addressed include a denial of service vulnerability.

1. EXECUTIVE SUMMARY CVSS v3 7.2  ATTENTION: Exploitable remotely/low attack complexity Vendor: Siemens Equipment: SIMATIC Cloud Connect 7 Vulnerabilities: Improper Neutralization of Special Elements used in a Command ('Command Injection'), Use of Hard-coded Password, Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Standardized Error Handling Mechanism, Exposure of Sensitive Information to an Unauthorized Actor, Files or Directories Accessible to External Parties 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to execute arbitrary code.  3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following products from Siemens are affected:  SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): All versions V2.0 to V2.1 SIMATIC Cloud Connect 7 CC712 (6GK1411-1AC00): All versions prior to V2.1 SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): All versions V2.0 to V2.1 SIMATIC Cloud Connect 7 CC716 (6GK1411-5AC00): All version...

1. EXECUTIVE SUMMARY CVSS v3 9.8  ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to interact with the database and retrieve critical data. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of SDG PnPSCADA products are affected: PnPSCADA (cross platforms): v2.* 3.2 VULNERABILITY OVERVIEW 3.2.1 IMPROPER NEUTRALIZATION OF SPECIAL ELEMENTS USED IN AN SQL COMMAND ('SQL INJECTION') CWE-89 The PnPSCADA system, a product of SDG Technologies CC, is afflicted by a critical unauthenticated error-based PostgreSQL Injection vulnerability. Present within the hitlogcsv.jsp endpoint, this security flaw permits unauthenticated attackers to engage with the underlying database seamlessly and passively. Consequently, malicious actors could gain access to vital information, such as Industrial Control System (ICS) and OT d...

1. EXECUTIVE SUMMARY CVSS v3 10.0  ATTENTION: Exploitable remotely/low attack complexity Vendor: Teltonika Equipment: Remote Management System and RUT model routers Vulnerabilities: Observable Response Discrepancy, Improper Authentication, Server-Side Request Forgery, Cross-site Scripting, Inclusion of Web Functionality from an Untrusted Source, External Control of System of Configuration Setting, OS Command Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could expose sensitive device information and device credentials, enable remote code execution, expose connected devices managed on the network, and allow impersonation of legitimate devices. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Teltonika products are affected: Remote Management System (RMS): Versions prior to 4.10.0 (affected by CVE-2023-32346, CVE-2023-32347, CVE-2023-32348, CVE-2023-2587, CVE-2023-2588) Remote Management System (RMS): Versions prior to 4.14.0 (affected by CVE-2023-2...

An issue was discovered on GL.iNet devices before 3.216. The function guci2_get() found in libglutil.so has a buffer overflow when an item is requested from a UCI context, and the value is pasted into a char pointer to a buffer without checking the size of the buffer.

Updated Red Hat OpenShift Distributed Tracing 2.8 container images are now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very...

A file disclosure vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator with access to the web interface to export local files from the firewall through a race condition.

A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software on Panorama appliances enables an authenticated read-write administrator to store a JavaScript payload in the web interface that will execute in the context of another administrator’s browser when viewed.