24 matches found
CVE-2020-12743
An issue was discovered in Gazie 7.32. A successful installation does not remove or block or in any other way prevent use of its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST paramet...
EUVD-2019-1134
Malware in sbrugna...
CVE-2023-44988
Missing Authorization vulnerability in Martin Gibson WP Custom Admin Interface allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Custom Admin Interface: from n/a through 7.32...
CVE-2020-12743
An issue was discovered in Gazie 7.32. A successful installation does not remove or block or in any other way prevent use of its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST paramet...
Authentication flaw
An issue was discovered in Gazie 7.32. A successful installation does not remove or block or in any other way prevent use of its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST paramet...
CVE-2020-12743
Gazie 7.32 contains an unauthenticated PHP file inclusion vulnerability in /setup/install/setup.php, which remains accessible after setup and can be requested via a hidden_req POST parameter. The issue enables arbitrary PHP file inclusion and is described with high impact (NVD CVSSv3.1: CRITICAL,...
CVE-2020-12743
An issue was discovered in Gazie 7.32. A successful installation does not remove or block or in any other way prevent use of its own file /setup/install/setup.php, meaning that anyone can request it without authentication. This file allows arbitrary PHP file inclusion via a hidden_req POST paramet...
SAP Supplier Relationship Management Cross-Site Scripting Vulnerability (CNVD-2020-04284)
SAP Supplier Relationship Management SRM is a supplier relationship management solution from SAP. The product automates purchasing and acquisition processes within an organization and between suppliers, and provides functions such as invoicing. A cross-site scripting vulnerability exists in SAP S...
CVE-2019-0361
SAP Supplier Relationship Management Master Data Management Catalog - SRMMDMCAT, before versions 3.73, 7.31, 7.32 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
CVE-2019-0361
SAP Supplier Relationship Management Master Data Management Catalog - SRMMDMCAT, before versions 3.73, 7.31, 7.32 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Cross site scripting
SAP Supplier Relationship Management Master Data Management Catalog - SRMMDMCAT, before versions 3.73, 7.31, 7.32 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...
Cross site scripting
SAP E-Commerce Business-to-Consumer application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54...
CVE-2019-0298
SAP E-Commerce Business-to-Consumer application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54...
SAP SRM MDM Catalog Authentication Bypass Vulnerability
SAP SRM is a supplier relationship management solution from SAP, of which MDM Catalog is a component with catalog content management and purchasing catalog functionality. An authentication bypass vulnerability in SAP SRM MDM Catalog versions 3.73, 7.31, and 7.32, which originates from a failure o...
Debian DSA-3498-1 : drupal7 - security update
Multiple security vulnerabilities have been found in the Drupal content management framework. For additional information, please refer to the upstream advisory at (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
DSA-3498-1 drupal7 - security update
Bulletin has no description...
DSA-3200-1 drupal7 - security update
Bulletin has no description...
Drupal Core <= 7.32 - SQL Injection (#1)
No description provided by source...
Fedora 21 : drupal7-7.32-1.fc21 (2014-12934)
Update to upstream 7.32 security release for SA-CORE-2014-005, CVE-2014-3704 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without...
[SECURITY] Fedora 21 Update: drupal7-7.32-1.fc21
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...