Insecure permissions in the configuration directory (/conf/) of OPNsense before 23.7 allow attackers to access sensitive information (e.g., hashed root password) which could lead to privilege escalati ...
August 09, 2023
Insecure permissions exist for configd.socket in OPNsense before 23.7.
August 09, 2023
A SQL injection vulnerability exists in the "logging export" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This allows f ...
August 09, 2023
A SQL injection vulnerability exists in the "ticket watchers email" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This a ...
August 09, 2023
A SQL injection vulnerability exists in the "ticket event report" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. This all ...
August 09, 2023
A command injection vulnerability in the component /api/cron/settings/setJob/ of OPNsense before 23.7 allows attackers to execute arbitrary system commands.
August 09, 2023
A cross-site scripting (XSS) vulnerability in the act parameter of system_certmanager.php in OPNsense before 23.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
August 09, 2023
A SQL injection vulnerability exists in the "reporter events type date" feature of the ScienceLogic SL1 that takes unsanitized user-controlled input and passes it directly to a SQL query. Th ...
August 09, 2023