64 matches found
CVE-2021-41177
The CVE-2021-41177 entry affects Nextcloud Server. The issue is that before versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud did not implement a memory-cache backend for rate-limiting, so components using rate limits (e.g., AnonRateThrottle, UserRateThrottle) were not actually rate-limited on inst...
PT-2021-23152 · Nextcloud +2 · Nextcloud Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 20.0.13 Nextcloud Server versions prior to 21.0.5 Nextcloud Server versions prior to 22.2.0 Description: Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and...
CVE-2021-41286
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...
CVE-2021-41286
Omikron MultiCash Desktop 4.00.008.SP5 relies on a client-side authentication mechanism. When a user logs into the application, the validity of the password is checked locally. All communication to the database backend is made via the same technical account. Consequently, an attacker can attach a...
ProjectSend Security Vulnerability
ProjectSend formerly cFTP is a suite of self-hosted applications based on PHP and MySQL. ProjectSend before r1295 suffers from a security vulnerability that incorrectly resets passwords due to faulty business logic...
Heybbs Micro Community in***.php file has a reload vulnerability
Heybbs micro-community is a front-end based on bootstrap + jq + css, back-end php + mysql development of micro-community program. Heybbs micro-community in.php file exists reloading vulnerability. An attacker can use the vulnerability to reset all the data on the website and gain server privilege...
openSUSE Security Update : opera (openSUSE-2019-2107)
This update for opera fixes the following issues : Opera was updated to version 63.0.3368.66 : - CHR-7525 Update chromium on desktop-stable-76-3368 to 76.0.3809.132 - DNA-74031 Download indicator doesnt match progress - DNA-77042 Something went wrong message in crypto wallet in private window -...
Override access vulnerability in Guojiz web site navigation system
Guojiz website navigation system is a navigation website source code system developed by PHP+MySQL. Guojiz website navigation system has an override access vulnerability that can be exploited by an attacker to change any user's password...
File Upload Vulnerability in Acme CMS
Acme CMS is a CMS builder using PHP + Mysql architecture, multi-language, responsive display, suitable for personal website construction. Acme CMS has a file upload vulnerability that can be exploited by attackers to gain server privileges...
Code Execution Vulnerability in Gxlcms News System
Gxlcms News System is a news cms content management system developed in php+mysql. Gxlcms news system has a code execution vulnerability that can be exploited by an attacker to execute remote code...
Elevation of Privilege Vulnerability in the background of emlog personal blog system
Short for every memory log, emlog is a PHP and MySQL based blog and CMS builder. A privilege elevation vulnerability exists in the background /src/admin/data.php page of the emlog personal blog system. An attacker can exploit the vulnerability to elevate privileges by importing files...
PYSEC-2015-19
The session.flush function in the cacheddb backend in Django 1.8.x before 1.8.2 does not properly flush the session, which allows remote attackers to hijack user sessions via an empty string in the session key...
PHP address book has multiple SQL injection and multiple cross-site scripting vulnerabilities
PHP Address Book Address Book is a PHP development of a simple Web-based address book , contact management applications , support groups , addresses , e-mail , telephone numbers and birthday information ; can be exported to vCard and CSV , integrated with Gmail, Google and Yahoo maps , the databa...
Sillaj time tracking tool Authentication Bypass
No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j...
bitweaver 2.8.1 - Multiple Vulnerabilities
No description provided by source. Trustwave SpiderLabs Security Advisory TWSL2012-016: Multiple Vulnerabilities in Bitweaver Published: 10/23/2012 Version: 1.0 Vendor: Bitweaver http://www.bitweaver.org/ Product: Bitweaver Version affected: 2.8.1 and earlier versions Product description: Bitweav...
[SECURITY] Fedora 17 Update: gallery2-2.3.2-2.fc17
The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...
Sillaj Time Tracking Tool SQL Injection
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: Topsecure.net, inj3ct...
Sillaj time tracking tool - Authentication Bypass
Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Sillaj Authentication Bypass Vendor url:http://sillaj.sourceforge.net/ Version:1 Published: 2010-07-11 Greetz to:r0073r inj3ct0r.com, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j. Special Greetz: Topsecure.net, inj3ct...
DSA-1813-1 evolution-data-server - several vulnerabilities
Bulletin has no description...
[SECURITY] Fedora 9 Update: gallery2-2.2.5-1.fc9
The base Gallery 2 installation - the equivalent of upstream's -minimal package. This package requires a database to be operational. Acceptable database backends include MySQL v 3.x, MySQL v 4.x, PostgreSQL v 7.x, PostgreSQL v 8.x, Oracle 9i, Oracle 10g, DB2, and MS SQL Server. All given package...