28 matches found

CNNVD
added 2025/12/15 12:0 a.m. | 2 views

iceScrum Security Vulnerability

iceScrum is a project management software from the French company iceScrum. A security vulnerability exists in iceScrum version v7.54, which stems from a Zip Slip vulnerability in the Import Project component that could lead to the execution of arbitrary code...

CVSS 8.8 | AI score 6.9 | EPSS 0.0018
Exploits: 1 | References: 3

Tenable Nessus
added 2024/02/16 12:0 a.m. | 19 views

SAP NetWeaver AS ABAP Information Disclosure (Feb 2024)

SAP NetWeaver Application Server ABAP - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of t...

CVSS 5.3 | AI score 5.7 | EPSS 0.00188
Exploits: 0 | References: 3

Cvelist
added 2024/02/13 2:35 a.m. | 18 views

CVE-2024-24740 Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP (SAP Kernel)

SAP NetWeaver Application Server ABAP - versions KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.93, KERNEL 7.94, KRNL64UC 7.53, under certain conditions, allows an attacker to access information which could otherwise be restricted with low impact on confidentiality of t...

CVSS 5.3 | AI score 5.4 | EPSS 0.00188
Exploits: 0 | References: 2

NVD
added 2024/01/09 2:15 a.m. | 14 views

CVE-2024-22124

Under certain conditions, Internet Communication Manager ICM or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, WEBDISP 7.22EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access...

CVSS 7.5 | AI score 5.1 | EPSS 0.00051
Exploits: 0 | References: 2

Prion
added 2024/01/09 2:15 a.m. | 16 views

Design/Logic Flaw

Under certain conditions, Internet Communication Manager ICM or SAP Web Dispatcher - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, WEBDISP 7.22EXT, WEBDISP 7.53, WEBDISP 7.54, could allow an attacker to access...

CVSS 5 | AI score 6.8 | EPSS 0.00051
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2024/01/09 1:19 a.m. | 89 views

CVE-2024-22124

CVE-2024-22124 affects SAP NetWeaver Internet Communication Manager and SAP Web Dispatcher—specifically listed kernel and related components (KERNEL 7.22/7.53/7.54; KRNL64UC 7.22/7.53; KRNL64NUC 7.22/7.22_EXT; WEBDISP 7.22_EXT/7.53/7.54). The vulnerability enables an attacker to access informatio...

CVSS 7.5 | AI score 7.3 | EPSS 0.00051
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/11/14 1:1 a.m. | 13 views

CVE-2023-41366 Information Disclosure vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT,...

CVSS 5.3 | AI score 6.9 | EPSS 0.0022
Exploits: 0 | References: 2

CVE
added 2023/08/08 12:46 a.m. | 48 views

CVE-2023-37491

CVE-2023-37491 concerns an ACL bypass in the SAP Message Server. Affected: SAP Message Server components/versions including KERNEL 7.22, 7.53, 7.54, 7.77 and related RNL64UC/KRNL64NUC variants. Root cause: ACL implementation can be bypassed under certain conditions, enabling an authenticated mali...

CVSS 8.8 | AI score 8 | EPSS 0.0005
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2023/07/11 2:47 a.m. | 11 views

CVE-2023-35874 Improper authentication vulnerability in SAP NetWeaver AS ABAP and ABAP Platform

SAP NetWeaver Application Server ABAP and ABAP Platform - version KRNL64NUC, 7.22, KRNL64NUC 7.22EXT, KRNL64UC 7.22, KRNL64UC 7.22EXT, KRNL64UC 7.53, KERNEL 7.22, KERNEL, 7.53, KERNEL 7.77, KERNEL 7.81, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.92, KERNEL 7.93, under some conditions, perfor...

CVSS 6 | AI score 7.2 | EPSS 0.00136
Exploits: 0 | References: 2

Positive Technologies
added 2023/06/07 12:0 a.m. | 3 views

PT-2023-4246 · Sap · Sap Message Server

Name of the Vulnerable Software and Affected Versions: SAP Message Server versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT Description: The issue is related to the Access Control List ACL of the SAP Message...

CVSS 8.8 | AI score 7.2 | EPSS 0.0005
Exploits: 0 | References: 9

SUSE CVE
added 2023/02/15 6:19 a.m. | 1 views

SUSE CVE-2004-1491

Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry...

CVSS 5 | AI score 8 | EPSS 0.2586
Exploits: 0 | References: 4

OSV
added 2021/06/25 4:15 p.m. | 0 views

CVE-2021-34074

PandoraFMS =7.54 allows arbitrary file upload, it leading to remote command execution via the File Manager. To bypass the built-in protection, a relative path is used in the requests...

CVSS 9.8 | AI score 6 | EPSS 0.0443
Exploits: 1 | References: 1

Prion
added 2019/05/14 9:29 p.m. | 13 views

Cross site scripting

SAP E-Commerce Business-to-Consumer application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54...

CVSS 4.3 | AI score 5.9 | EPSS 0.00276
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2019/05/14 8:22 p.m. | 15 views

CVE-2019-0298

SAP E-Commerce Business-to-Consumer application does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. Fixed in the following components SAP-CRMJAV SAP-CRMWEB SAP-SHRWEB SAP-SHRJAV SAP-CRMAPP SAP-SHRAPP, versions 7.30, 7.31, 7.32, 7.33, 7.54...

AI score 6 | EPSS 0.00276
Exploits: 0 | References: 3

ATTACKERKB
added 2018/03/01 12:0 a.m. | 64 views

CVE-2018-2380

SAP CRM, 7.01, 7.02,7.30, 7.31, 7.33, 7.54, allows an attacker to exploit insufficient validation of path information provided by users, thus characters representing “traverse to parent directory” are passed through to the file APIs. Recent assessments: Assessed Attacker Value: 0 Assessed Attacke...

CVSS 6.6 | AI score 6.5 | EPSS 0.48793
In wild | Exploits: 5 | References: 8

Tenable Nessus
added 2005/07/13 12:0 a.m. | 30 views

FreeBSD : opera -- multiple vulnerabilities in Java implementation (1489df94-6bcb-11d9-a21e-000a95bc6fae)

Marc Schoenefeld reports : Opera 7.54 is vulnerable to leakage of the java sandbox, allowing malicious applets to gain unacceptable privileges. This allows them to be used for information gathering spying of local identity information and system configurations as well as causing annoying crash...

AI score 5.5
Exploits: 0 | References: 2

NVD
added 2005/05/02 4:0 a.m. | 14 views

CVE-2005-0235

The International Domain Name IDN support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

CVSS 5 | AI score 9.3 | EPSS 0.00642
Exploits: 1 | References: 7

CVE
added 2005/02/17 5:0 a.m. | 72 views

CVE-2004-1489

Opera 7.54 and earlier versions expose an applet’s access to Sun Java internal packages, allowing remote attackers to read sensitive information such as user names and installation directory. Multiple connected sources corroborate the issue and the affected package is Opera (desktop/browser). The...

CVSS 2.6 | AI score 6.6 | EPSS 0.00408
Exploits: 1 | References: 3 | Affected Software: 1

CVE
added 2005/02/17 5:0 a.m. | 62 views

CVE-2004-1491

CVE-2004-1491 affects Opera 7.54 and earlier. The vulnerability arises because Opera uses kfmclient exec to handle unknown MIME types, allowing a remote attacker to execute arbitrary code via a shortcut or launcher containing an Exec entry. Public documents confirm this as a real issue across mul...

CVSS 5 | AI score 7.5 | EPSS 0.2586
Exploits: 0 | References: 7 | Affected Software: 1

Cvelist
added 2005/02/07 5:0 a.m. | 24 views

CVE-2005-0235

The International Domain Name IDN support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks...

AI score 9.3 | EPSS 0.00642
Exploits: 1 | References: 7