11 matches found
RSJoomla! RSform!Pro Code Injection Vulnerability
RSJoomla! RSform!Pro is a form component from RSJoomla! A code injection vulnerability exists in RSJoomla! RSform!Pro versions 3.0.0 through 3.3.14, which stems from a flaw in the submit export functionality that could lead to remote code execution...
CVE-2021-39133
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, a user with admin access to the system resource type is potentially vulnerable to a CSRF attack that could cause the server to run untrusted code on all...
Authentication flaw
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
CVE-2021-39132 YAML deserialization can run untrusted code
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. Prior to version 3.3.14 and version 3.4.3, an authorized user can upload a zip-format plugin with a crafted plugin.yaml, or a crafted aclpolicy yaml file, or upload an untrusted project archive with ...
MongoDB 2.x, 3.0.x < 3.0.15, 3.1.x < 3.2.14, 3.3.x < 3.3.14 Mongo Shell Information Disclosure Vulnerability (SERVER-25335)
The version of the remote MongoDB server is 2.x, 3.x < 3.0.15, 3.2.x < 3.2.14, 3.3.x < 3.3.14. It is, therefore, affected by an information disclosure in mongo shell due to the MongoDB client having world-readable permissions on .dbshell history files. An unauthenticated, local attacker can exploit thi...
eprints.lib.uom.gr Open Redirect vulnerability
Open Bug Bounty ID: OBB-932260. Security researcher metamorfosec (helped patch 1983 vulnerabilities; received 9 Coordinated Disclosure badges and 32 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting eprints.lib.uom.gr...
repositorio.usac.edu.gt Open Redirect vulnerability
Security researcher metamorfosec (helped patch 1935 vulnerabilities; received 9 Coordinated Disclosure badges and 31 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting repositorio.usac.edu.gt website and its users...
CVE-2018-15843
GetSimple CMS 3.3.14 has XSS via the admin/edit.php "Add New Page" field...
openSUSE Security Update : otrs (openSUSE-2016-1316)
This update for otrs fixes the following security issues: CVE-2016-9139: execution of JavaScript in OTRS context by opening malicious attachment (OSA-2016-02, bsc1008017). In addition, OTRS was updated to 3.3.16, containing all upstream improvements and bug fixes...
MongoDB Client 'dbshell' Information Disclosure Vulnerability (SERVER-25335) - Linux
MongoDB is prone to an information disclosure vulnerability...
openSUSE Security Update : squid (openSUSE-2016-988)
The Squid HTTP proxy has been updated to version 3.3.14, fixing the following security issues: Fixed multiple Denial of Service issues in HTTP Response processing (CVE-2016-2569, CVE-2016-2570, CVE-2016-2571, CVE-2016-2572, bsc968392, bsc968393, bsc968394, bsc968395). CVE-2016-3947: Buffer...