It was discovered that missing input sanitising in libspreadsheet-parseexcel-perl, a Perl module to access information from Excel Spreadsheets, may result in the execution of arbitrary commands if a specially crafted document file is processed.
Multiple security vulnerabilities have been discovered in Cacti, a web interface for graphing of monitoring systems, which could result in cross-site scripting, SQL injection, or command injection.
postfix: High-performance mail transport agent Details: USN-6591-1 fixed vulnerabilities in Postfix. A fix with less risk of regression has been made available since the last update. This update updates the fix and aligns with the latest configuration guidelines regarding this vulnerability. We apologize for the inconvenience. Original advisory Postfix could allow bypass of email authentication if ...
libspreadsheet-parseexcel-perl: Perl module to access information from Excel Spreadsheets Spreadsheet::ParseExcel could possibly run commands if it processed a specially crafted file.
This update for perl-Spreadsheet-ParseExcel fixes the following issues: * CVE-2023-7101: Fixed a command injection issue when parsing an untrusted spreadsheet .
The host is installed with Cacti 1.2.25 and is prone to a reflected cross-site scripting vulnerability. A flaw is present in the application, which fails to properly handle the templates_import.php component. Successful exploitation allows attackers to perform actions on behalf of other users.