29 matches found
Linux Distros Unpatched Vulnerability : CVE-2023-46727
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a...
CVE-2023-46727
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
Palo Alto Networks PAN-OS 8.1.x < 8.1.25 / 9.0.x < 9.0.17 / 9.1.x < 9.1.16 / 10.0.x < 10.0.11 / 10.1.x < 10.1.6 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.25 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.16 or 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.6. It is, therefore, affected by a vulnerability. - A cross-site scripting XSS vulnerability in Palo Al...
CVE-2023-46727
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
CVE-2023-43813
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue...
Sql injection
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
CVE-2023-46727 GLPI SQL injection through inventory agent request
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
CVE-2023-46727 GLPI SQL injection through inventory agent request
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
CVE-2023-46727 GLPI SQL injection through inventory agent request
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, GLPI inventory endpoint can be used to drive a SQL injection attack. Version 10.0.11 contains a patch for the issue. As a workaround, disable native inventory...
CVE-2023-46726
GLPI (free IT Asset Management) versions before 10.0.11 on PHP 7.4 are affected by CVE-2023-46726: LDAP server configuration form can be abused to execute arbitrary code uploaded as a GLPI document. Version 10.0.11 includes a patch. Remediation is to upgrade to a version containing the fix (per t...
CVE-2023-43813 glpi Authenticated SQL Injection
GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.11, the saved search feature can be used to perform a SQL injection. Version 10.0.11 contains a patch for the issue...
GLPI Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2023-7946 · Php +3 · Php +3
Name of the Vulnerable Software and Affected Versions: GLPI versions 10.0.0 through 10.0.10 Description: The issue is related to incorrect neutralization of special elements in output, which can allow a remote attacker to execute arbitrary code. The LDAP server configuration form can be used to...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
GLPI SQL Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Vulnerability fixed in Drupal
Drupal has fixed a vulnerability in Drupal core. The vulnerability is located in the JSON:API module and allows an unauthenticated malicious party to gain access to sensitive data. No CVE ID has been disclosed for this vulnerability yet. Drupal has released updates to fix the vulnerability in...
PT-2021-19835 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 10.0.11 Nextcloud Server versions prior to 20.0.10 Nextcloud Server versions prior to 21.0.2 Description: A malicious user may be able to break the user administration page, disallowing administrators to...
Cross-site scripting in SiCKRAGE
in SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting XSS due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive...
CVE-2021-25926
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting XSS due to user input not being validated properly in the quicksearch feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the...
Echel0n SiCKRAGE 跨站脚本漏洞
SickRage is an automated video library manager for TV programs. A reflected cross-site scripting vulnerability exists in SiCKRAGE versions 9.3.54.dev1 - 10.0.11.dev1. The vulnerability stems from the quicksearch feature not properly validating user input. An attacker can use this vulnerability to...