ZDI-23-1495: A10 Thunder ADC ShowTechDownloadView Directory Traversal Information Disclosure Vulnerability

October 4, 2023

Read Time:7 Second

This vulnerability allows remote attackers to disclose sensitive information on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.

Advisories

ZDI-23-1496: A10 Thunder ADC FileMgmtExport Directory Traversal Arbitrary File Read and Deletion Vulnerability

October 4, 2023

Read Time:8 Second

This vulnerability allows remote attackers to read and delete arbitrary files on affected installations of A10 Thunder ADC. Authentication is required to exploit this vulnerability.

Advisories

ZDI-23-1497: Apple iTunes Incorrect Permission Assignment Privilege Escalation Vulnerability

October 4, 2023

Read Time:11 Second

This vulnerability allows local attackers to escalate privileges on affected installations of Apple iTunes. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.

Advisories

ZDI-23-1498: Ansys SpaceClaim X_B File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

October 4, 2023

Read Time:11 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ansys SpaceClaim. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.

Advisories

ZDI-23-1499: Cacti link Local File Inclusion Remote Code Execution Vulnerability

October 4, 2023

Read Time:6 Second

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Cacti. Authentication is required to exploit this vulnerability.

Advisories

ZDI-23-1500: Cacti graph_view SQL Injection Authentication Bypass Vulnerability

October 4, 2023

Read Time:9 Second

This vulnerability allows remote attackers to bypass authentication or escalate privileges on affected installations of Cacti. Authentication is required to exploit this vulnerability when the product is in its default configuration.