Improper Authorization
Overview parse-server is a version of the Parse backend that can be deployed to any infrastructure that can run Node.js. Affected versions of this package are vulnerable to Improper Authorization via the afterFind process. An attacker can gain unauthorized access to protected files by sending HTT...
PT-2026-29335
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.6.71 and 9.7.1-alpha.1 Description Parse Server, an open source backend deployable on Node.js infrastructures, is affected by an issue where file downloads via HTTP Range requests bypass the afterFindParse.File...
SQL Injection
Overview bacula-web/bacula-web is an open source web-based reporting and monitoring tool for Bacula. Affected versions of this package are vulnerable to SQL Injection via the getJobFiles function in application/Table/JobFileTable.php. An attacker can execute arbitrary code on the server b...
VIMESA VHF/FM Transmitter Blue Plus Access Control Error Vulnerability
VIMESA VHF/FM Transmitter Blue Plus is an LCD monitor from VIMESA. An access control error vulnerability exists in the VIMESA VHF/FM Transmitter Blue Plus version 9.7.1, which stems from the presence of a denial of service vulnerability that could allow an unauthenticated attacker to issue an...
CVE-2024-29215
Mattermost Server vulnerability CVE-2024-29215: Improper access control in slash commands linked to playbook tasks allows a user to run a slash command in a channel they are not a member of. Affected versions: Mattermost 9.5.x up to 9.5.3; 9.7.x up to 9.7.1; 9.6.x up to 9.6.1; 8.1.x up to 8.1.12....
CVE-2022-42459 WordPress Image Hover Effects Ultimate plugin <= 9.7.1 - Auth. WordPress Options Change vulnerability
Auth. WordPress Options Change vulnerability in Image Hover Effects Ultimate plugin <= 9.7.1 on WordPress...
WordPress Plugin Image Hover Effects Ultimate Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Jetpack plugin <= 9.7.1 - Attached Image Comment Leak For Non-Published Post And Pages in Carousel Feature
Page/Post attachment comment leak for non-published posts and pages in the Carousel feature, discovered by nguyenhgvcs in WordPress Jetpack plugin versions <= 9.7.1. Solution: Update the WordPress Jetpack plugin to the latest available version, at least 9.8...
CVE-2021-27194
Cleartext transmission of sensitive information in Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to gather credentials including Windows login usernames and passwords...
CVE-2021-27193
Incorrect default permissions vulnerability in the API of Netop Vision Pro up to and including 9.7.1 allows a remote unauthenticated attacker to read and write files on the remote machine with system privileges resulting in a privilege escalation...
Netop Vision Access Control Error Vulnerability
Netop Vision is an application from the Danish company Netop. It is classroom management software. An Access Control Error vulnerability in Netop Vision Pro 9.7.1 and prior versions can be exploited by an unauthenticated, remote attacker to read or write files on a remote computer,...
Foxit Reader and PhantomPDF Type Obfuscation Remote Code Execution Vulnerability (CNVD-2020-24445)
Foxit Reader and Foxit PhantomPDF are both PDF document readers from the Chinese company Foxit. A security vulnerability exists in the handling of the RotatePage command in Foxit Reader and Foxit PhantomPDF 9.7.1.29511 and earlier versions for Windows-based platforms, which stems from the program's...
Foxit PhantomPDF < 9.7.1 Multiple Vulnerabilities
According to its version, the Foxit PhantomPDF application (formerly known as Phantom) installed on the remote Windows host is prior to 9.7.1. It is, therefore, affected by multiple vulnerabilities: - A use-after-free error exists related to handling watermarks, AcroForm objects, text fields, or...
Cross-site request forgery (CSRF)
An issue was discovered in the Armor module in Polaris FT Intellect Core Banking 9.7.1. CSRF can occur via a /CollatWebApp/gcmsRefInsert?name=SUPP URI...
CVE-2018-14874
The CVE-2018-14874 entry concerns Polaris FT Intellect Core Banking 9.7.1 (Armor module). The vulnerability arises when user input passed through the code parameter on three JSP pages (collaterals/colexe3t.jsp, /references/refsuppu.jsp, /references/refbranu.jsp) is mishandled before being embedde...
CVE-2018-14931
Polarisft Intellect Core Banking Software Version 9.7.1 contains an open redirect in the Core and Portal modules reachable via /IntellectMain.jsp?IntellectSystem=. The open redirect could allow an attacker to redirect users to a malicious site, enabling phishing or credential-stealing scenarios. ...
CVE-2016-9202
A vulnerability in the web-based management interface of Cisco Email Security Appliance ESA Switches could allow an unauthenticated, remote attacker to conduct a persistent cross-site scripting XSS attack against a user of the affected interface on an affected device. More Information: CSCvb37346...
Code injection
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update...
CVE-2011-0414
ISC BIND 9.7.1 through 9.7.2-P3, when configured as an authoritative server, allows remote attackers to cause a denial of service (deadlock and daemon hang) by sending a query at the time of (1) an IXFR transfer or (2) a DDNS update...