Spring Security 授权问题漏洞

Spring Security is a security framework developed by Spring OpenSource that includes authentication and authorization features. Vulnerabilities related to authorization exist in versions 5.7.0 to 5.7.24, 5.8.0 to 5.8.26, 6.3.0 to 6.3.17, 6.4.0 to 6.4.17, and 6.5.0 to 6.5.10 of Spring Security...

Microsoft Exchange Server 授权问题漏洞

Microsoft Exchange Server is a email service program provided by the American company Microsoft. It offers features such as email access, storage, forwarding, voicemail handling, and email filtering. There are vulnerabilities related to authorization in Microsoft Exchange Server. Attackers can...

WordPress plugin HAPPY 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

Microsoft Windows Active Directory 授权问题漏洞

Microsoft Windows Active Directory is a centralized directory management service provided by Microsoft for managing large-scale network environments. It stores information about objects on the network, enabling administrators and users to easily find and use this information. There are...

WordPress plugin Super Custom Login 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress plugin Make My Trivia 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Student Management System 授权问题漏洞

Student Management System is a student management system developed by Krishanmurariji. There are authorization-related vulnerabilities in this system; these vulnerabilities stem from incorrect handling of parameters named “Name” in the file/viva/update.php, which may lead to improper authorizatio...

Open edX Platform 授权问题漏洞

The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs Massive Open Online Courses as well as smaller courses and training modules. The Open edX Platform, from Maple versions up to ulmo, had authorization-related vulnerabilities...

ZITADEL 授权问题漏洞

ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland. Versions 4.0.0 to 4.12.0 of ZITADEL contain authorization vulnerabilities. These vulnerabilities stem from the login V2 user interface, which allows bypasses of log...

FunAdmin 授权问题漏洞

FunAdmin is an open-source backend development system developed using ThinkPHP6 and Layui. Versions of FunAdmin 7.1.0-rc4 and earlier have authorization-related vulnerabilities. These vulnerabilities stem from incorrect operations on the setConfig function in the component Configuration Handler...

ssm-erp和production_ssm 授权问题漏洞

productionssm is an ERP system developed by MegaGao’s individual developers using Spring+SpringMVC+Mybatis and jQuery EasyUI. ssm-erp is a production management ERP system developed by fenghaha’s individual developers. There are authorization issues between ssm-erp and productionssm...

WordPress plugin Cliengo 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Outline 授权问题漏洞

Outline is an open-source knowledge base developed by Outline. Versions prior to Outline 1.1.0 had issues with authorization vulnerabilities. These vulnerabilities stemmed from defects in the WebSocket authentication mechanism, which could allow suspended users to maintain or establish real-time...

CVE-2024-41140

Zohocorp ManageEngine Applications Manager versions 174000 and prior are vulnerable to the incorrect authorization in the update user function...

EUVD-2014-2886

Malware in sbrugna...

EUVD-2021-11734

Malware in sbrugna...

EUVD-2018-0775

Malware in sbrugna...

CVE-2020-10083

GitLab 12.7 through 12.8.1 has Insecure Permissions. Under certain conditions involving groups, project authorization changes were not being applied...

Security Bulletin: IBM Storage Fusion Data Foundation is vulnerable to Improper and Incorrect Authorization and SQL Injection in Vault (CVE-2023-0665, CVE-2023-24999, CVE-2023-0620)

Summary Vault is used by IBM Storage Fusion Data Foundation as part of user authentication. This bulletin identifies the steps to take to address the vulnerability in IBM Storage Fusion Data Foundation. CVE-2023-0665, CVE-2023-24999, CVE-2023-0620. Vulnerability Details CVEID:CVE-2023-0665...

The vulnerability of the Quality Management Specs component in the Oracle Process Manufacturing (OPM) application for process management systems in the Oracle E-Business Suite allows a malicious individual to gain unauthorized access to read, modify, or delete data.

The vulnerability of the Quality Management Specs component in the Oracle Process Manufacturing OPM application for process development involves deficiencies in the authorization procedures. Exploiting this vulnerability could allow an attacker to gain unauthorized access to read, modify, or dele...