1072 matches found
CVE-2023-27234
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application...
Cross-site request forgery (CSRF)
A Cross-Site Request Forgery (CSRF) in /Sys/index.html of Jizhicms v2.4.5 allows attackers to arbitrarily make configuration changes within the application...
JIZHICMS Cross-Site Request Forgery Vulnerability
JIZHICMS is an open source Content Management System (CMS) from China's JIZHICMS Network Technology Company. A security vulnerability exists in JIZHICMS v2.4.5, which originates from a vulnerability in /Sys/index.html that allows an attacker to arbitrarily change the configuration within t...
CVE-2023-27234
CVE-2023-27234 is a CSRF vulnerability in Jizhicms v2.4.5 affecting the /Sys/index.html endpoint, enabling an attacker to arbitrarily change configuration with user interaction. Root cause: CSRF due to insufficient request validation. Impact: potential configuration modifications; CVSSv3.1 base s...
CVE-2023-20011
A vulnerability in the web-based management interface of Cisco Application Policy Infrastructure Controller (APIC) and Cisco Cloud Network Controller, formerly Cisco Cloud APIC, could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack on an affected system...
SUSE CVE-2013-1899
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remote authenticated users to modify configuration settings and execute arbitrary code, via a connection...
SUSE CVE-2016-0764
Race condition in Network Manager before 1.0.12 as packaged in Red Hat Enterprise Linux Desktop 7, Red Hat Enterprise Linux HPC Node 7, Red Hat Enterprise Linux Server 7, and Red Hat Enterprise Linux Workstation 7 allows local users to obtain sensitive connection information by reading temporary...
CVE-2022-39811
Italtel NetMatch-S CI 5.2.0-20211008 has incorrect Access Control under NMSCI-WebGui/advancedsettings.jsp and NMSCIWebGui/SaveFileUploader. By not verifying permissions for access to resources, it allows an attacker to view pages that are not allowed, and modify the system configuration, bypassin...
TP-LINK TL-SG105PE(UN) Authorization Issue Vulnerability
The TP-LINK TL-SG105PE(UN) is a switch from China P&L TP-LINK. A security vulnerability exists in versions prior to TP-LINK TL-SG105PE(UN) 1.01.0.0 Build 20221208, which can be exploited by an attacker to potentially impersonate the product administrator, potentially gain access to information, and...
PT-2022-6899 · Unknown · Hutool-Json
Name of the Vulnerable Software and Affected Versions: hutool-json version 5.8.10 Description: The issue in hutool-json is related to an out of memory error, which can be exploited by a remote attacker to cause a denial of service. This is due to a buffer overflow in memory. Recommendations: For...
M-Files Web Security Vulnerability
M-Files Web is an intelligent information management platform from M-Files USA, Inc. It is used to optimally support users in their daily work. A security vulnerability exists in M-Files Web versions prior to 22.8.11691.0 that stems from incorrect privilege assignment. An attacker exploiting the...
CVE-2022-37916
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network...
PT-2022-24150 · Aruba · Aruba Airwave Management Platform
Name of the Vulnerable Software and Affected Versions: Aruba AirWave Management Platform versions 8.2.15.0 and below Description: Vulnerabilities in the AirWave Management Platform web-based management interface exist, exposing some URLs to a lack of proper access controls. These vulnerabilities...
CVE-2022-37917 Broken Access Control for some Web-based Management URLs in AirWave Management Platform
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack of proper access controls. These vulnerabilities could allow a remote attacker with limited privileges to gain access to sensitive information and/or change network...
[SECURITY] [DSA 5285-1] asterisk security update
Debian Security Advisory DSA-5285-1 [email protected] https://www.debian.org/security/ Markus Koschany November 17, 2022 https://www.debian.org/security/faq -...
rubygem-nokogiri: Improper Handling of Unexpected Data Type in Nokogiri
A flaw was found in the rubygem-nokogiri package. This flaw allows malicious users to change partial contents or configurations on the system. Additionally, this vulnerability can also cause a limited denial of service in the form of interruptions in resource availability...
CVE-2022-20949
A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high privileges to execute configuration commands on an affected system. This vulnerability exists because access to HTTPS endpoints is not properly...
Low: Red Hat Security Advisory: guestfs-tools security, bug fix, and enhancement update
An update for guestfs-tools is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from t...