266 matches found
Backup Migration Staging < 1.3.6 - Sensitive Data Exposure
Description The plugin stores in-progress backups information in easy to find, publicly-accessible files, which may allow attackers monitoring those to leak sensitive information from the site's backups. 1 Run a backup of the site 2 Notice the following files are all publicly available while the...
[SECURITY] Fedora 39 Update: rubygem-activerecord-7.0.7.2-1.fc39
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Apache Superset vulnerable to improper data authorization
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
Authorization
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
CVE-2023-27523 Apache Superset: Improper data permission validation on Jinja templated queries
Improper data authorization check on Jinja templated queries in Apache Superset up to and including 2.1.0 allows for an authenticated user to issue queries on database tables they may not have access to...
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
Hardcoded credentials
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
CVE-2022-41397
The optional Web Screens and Global Search features for Sage 300 through version 2022 use a hard-coded 40-byte blowfish key "LandlordPassKey" to encrypt and decrypt secrets stored in configuration files and in database tables...
[SECURITY] Fedora 37 Update: rubygem-activerecord-7.0.4.3-1.fc37
Implements the ActiveRecord pattern Fowler, PoEAA for ORM. It ties database tables and classes together for business objects, like Customer or Subscription, that can find, save, and destroy themselves without resorting to manual SQL...
Fedora: Security Advisory for rubygem-activerecord (FEDORA-2023-d6157bb1e2)
The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2023-11835 · WordPress · Jetbackup
Name of the Vulnerable Software and Affected Versions: JetBackup – WP Backup, Migrate & Restore plugin for WordPress versions up to, and including, 1.4.0 Description: The issue is related to sensitive information disclosure due to a lack of proper capability checking on the backup guard get manua...
CVE-2022-4553 FL3R FeelBox <= 8.1 - Moods Reset via CSRF
The FL3R FeelBox WordPress plugin through 8.1 does not have CSRF check when updating reseting moods which could allow attackers to make logged in admins perform such action via a CSRF attack and delete the lydlposts & lydlpoststimestamp DB tables...
Cross site request forgery (csrf)
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack...
CVE-2022-3850 Find and Replace All <= 1.3 - Arbitrary Replacement via CSRF
The Find and Replace All WordPress plugin before 1.3 does not have CSRF check when replacing string, which could allow attackers to make a logged admin replace arbitrary string in database tables via a CSRF attack...
CVE-2022-41932 Creation of new database tables through login form on PostgreSQL
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The...
GHSA-4X5R-6V26-7J4V Creation of new database tables through login form on PostgreSQL
Impact It's possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. Patches The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Workarounds The only workarounds for this are: use an authenticator which does...
Information Disclosure via Export Module
Meta CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:O/RC:C 4.0 Problem The export functionality fails to limit the result set to allowed columns of a particular database table. This allows authenticated users to export internal details of database tables to which they already have...
Design/Logic Flaw
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...