Page 258 of 14922 results (0.015 seconds)

CVSS: 9.8EPSS: 89%CPEs: 3EXPL: 2

PaperCut NG and PaperCut MF before 22.1.3 on Windows allow path traversal, enabling attackers to upload, read, or delete arbitrary files. This leads to remote code execution when external device integration is enabled (a very common configuration). PaperCut NG y PaperCut MF antes de 22.1.3 en Windows permiten atravesar rutas, lo que permite a los atacantes cargar, leer o eliminar archivos arbitrarios. Esto conduce a la ejecución remota de código cuando la integración de dispositivos externos está habilitada (una configuración muy común). • https://github.com/codeb0ss/CVE-2023-39143 https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability https://www.papercut.com/kb/Main/securitybulletinjuly2023 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 7.4EPSS: 0%CPEs: 11EXPL: 0

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in CrafterCMS Engine on Windows, MacOS, Linux, x86, ARM, 64 bit allows Reflected XSS.This issue affects CrafterCMS: from 4.0.0 through 4.0.2, from 3.1.0 through 3.1.27. CrafterCMS versions 4.0.2 and below suffer from multiple cross site scripting vulnerabilities. • http://packetstormsecurity.com/files/174304/CrafterCMS-4.0.2-Cross-Site-Scripting.html http://seclists.org/fulldisclosure/2023/Aug/30 https://docs.craftercms.org/en/4.0/security/advisory.html#cv-2023080301 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 0

Fabasoft Cloud Enterprise Client 23.3.0.130 allows a user to escalate their privileges to local administrator. • https://help.supportservices.fabasoft.com/index.php?topic=doc/Vulnerabilities-Fabasoft-Folio/vulnerabilities-2023.htm#client-autoupdate-harmful-code-installation-vulnerability-pdo06614- https://www.compass-security.com/fileadmin/Research/Advisories/2023_01_CSNC-2023-002_LPE_Cloud_Client.txt •

CVSS: 7.1EPSS: 0%CPEs: 8EXPL: 0

An insufficient verification of data vulnerability exists in BIG-IP Edge Client for Windows and macOS that may allow an attacker to modify its configured server list.  Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. Existe una vulnerabilidad de verificación insuficiente de datos en BIG-IP Edge Client para Windows y macOS que puede permitir a un atacante modificar su lista de servidores configurados. Nota: No se evalúan las versiones de software que han alcanzado el fin del soporte técnico (EoTS). • https://my.f5.com/manage/s/article/K000132563 • CWE-345: Insufficient Verification of Data Authenticity •

CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 0

When opening appref-ms files, Firefox did not warn the user that these files may contain malicious code. *This bug only affects Firefox on Windows. Other operating systems are unaffected.* This vulnerability affects Firefox < 116, Firefox ESR < 102.14, Firefox ESR < 115.1, Thunderbird < 102.14, and Thunderbird < 115.1. Al abrir archivos appref-ms, Firefox no advertía al usuario de que estos archivos podían contener código malicioso. Este fallo sólo afecta a Firefox en Windows. Otros sistemas operativos no están afectados. • https://bugzilla.mozilla.org/show_bug.cgi?id=1840777 https://www.mozilla.org/security/advisories/mfsa2023-29 https://www.mozilla.org/security/advisories/mfsa2023-30 https://www.mozilla.org/security/advisories/mfsa2023-31 https://www.mozilla.org/security/advisories/mfsa2023-32 https://www.mozilla.org/security/advisories/mfsa2023-33 •