In WS_FTP Server version 8.7.0 prior to 8.7.4 and version 8.8.0 prior to 8.8.2, a SQL injection vulnerability exists in the WS_FTP Server manager interface. An attacker may be able to infer information about the structure and contents of the database and execute SQL statements that alter or delete database elements. Zafiyet ile ilgili Genel…
In WS_FTP Server version 8.7.0 prior to 8.7.4 and version 8.8.0 prior to 8.8.2, a reflected cross-site scripting (XSS) vulnerability exists in WS_FTP Server’s Ad Hoc Transfer module. An attacker could leverage this vulnerability to target WS_FTP Server users with a specialized payload which results in the execution of malicious JavaScript within the context of the…
In WS_FTP Server version 8.7.0 prior to 8.7.4 and version 8.8.0 prior to 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system.  Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
In Progress MOVEit Transfer versions released before 2021.1.8 (13.1.8), 2022.0.8 (14.0.8), 2022.1.9 (14.1.9), 2023.0.6 (15.0.6), a SQL injection vulnerability has been identified in the MOVEit Transfer web interface that could allow a MOVEit system administrator account to gain unauthorized access to the MOVEit Transfer database. A MOVEit system administrator could submit a crafted payload to the MOVEit…
One Identity Password Manager version 5.9.7.1 -Â An unauthenticated attacker with physical access to a workstation may upgrade privileges to SYSTEM through an unspecified method. CWE-250: Execution with Unnecessary Privileges. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.10, FreeSWITCH allows remote users to trigger out of bounds write by offering an ICE candidate with unknown component ID. When an SDP is offered with any…
Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <=Â 2.3.4 versions. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of a post. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını…
The ARMember Lite – Membership Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 4.0.14 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever…
A use-after-free vulnerability exists in the MediaRecorder API of Webkit WebKitGTK 2.40.5. A specially crafted web page can abuse this vulnerability to cause memory corruption and potentially arbitrary code execution. A user would need to to visit a malicious webpage to trigger this vulnerability. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…
The web interface of ATX Ucrypt through 3.5 allows authenticated users (or attackers using default credentials for the admin, master, or user account) to include files via a URL in the /hydra/view/get_cc_url url parameter. There can be resultant SSRF. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on your branch get permission to write to the merge request’s source branch. Zafiyet ile ilgili…