87 matches found

OSV
added 2023/03/20 1:15 p.m. · 2 views

CVE-2023-26513

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...

CVSS 7.5 · AI score 7.1 · EPSS 0.01464
Exploits 0 · References 1
NVD
added 2023/03/20 1:15 p.m. · 19 views

CVE-2023-26513

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...

CVSS 7.5 · AI score 7.5 · EPSS 0.01464
Exploits 0 · References 1
Cvelist
added 2023/03/20 12:20 p.m. · 27 views

CVE-2023-26513 Apache Sling Resource Merger: Requests to certain paths managed by the Apache Sling Resource Merger can lead to DoS

Excessive Iteration vulnerability in Apache Software Foundation Apache Sling Resource Merger. This issue affects Apache Sling Resource Merger: from 1.2.0 before 1.4.2...

CVSS 7.5 · AI score 7.7 · EPSS 0.01464
Exploits 0 · References 1
CVE
added 2023/03/20 12:20 p.m. · 61 views

CVE-2023-26513

CVE-2023-26513 describes an Excessive Iteration vulnerability in the Apache Sling Resource Merger. Affected: Apache Sling Resource Merger versions 1.2.0 through 1.4.2. Root cause: not explicitly detailed beyond the excessive iteration issue in the Resource Merger. Impact: potential DoS via reques...

CVSS 7.5 · AI score 7.5 · EPSS 0.01464
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2023/03/20 12:0 a.m. · 2 views

PT-2023-20692 · Apache · Apache Sling Resource Merger

Name of the Vulnerable Software and Affected Versions: Apache Sling Resource Merger versions 1.2.0 through 1.4.2 Description: The issue is related to an Excessive Iteration vulnerability in the Apache Sling Resource Merger. Recommendations: For versions 1.2.0 through 1.4.2, update to version 1.4....

CVSS 7.5 · AI score 7.3 · EPSS 0.01464
Exploits 0 · References 5
CNNVD
added 2023/03/20 12:0 a.m. · 3 views

Apache Sling security vulnerability

Apache Sling is an open source Java web framework from the Apache Foundation in the United States. It is designed to create content-centric applications on JSR-170-compliant content repositories such as Apache Jackrabbit. A security vulnerability exists in Apache Sling Resource Merger...

CVSS 7.5 · AI score 7.3 · EPSS 0.01464
Exploits 0 · References 2
Wiz blog
added 2023/03/03 5:0 p.m. · 11 views

Securing a successful merger: Insights from MGM Studios

Hear from John Visneski, CISO of MGM Studios about how the organization fosters collaboration and transparency across business units using Wiz...

AI score 6.9
Exploits 0
Malwarebytes
added 2023/02/16 3:0 a.m. · 12 views

Four EU telco giants will start asking users if they want personalized targeted ads

They say you can't have too much of a good thing. Unfortunately, this applies to ads, too, whether you think they're a good thing or not. Soon, Europe's four biggest telecommunication companies--Germany's Deutsche Telekom DK, France's Orange, Spain's Telefonica, and the UK's Vodafone Group--will...

AI score 6.9
Exploits 0
SUSE CVE
added 2023/02/15 5:53 a.m. · 1 views

SUSE CVE-2011-1176

The configuration merger in itk.c in the Steinar H. Gunderson mpm-itk Multi-Processing Module 2.2.11-01 and 2.2.11-02 for the Apache HTTP Server does not properly handle certain configuration sections that specify NiceValue but not AssignUserID, which might allow remote attackers to gain privileg...

CVSS 4.3 · AI score 9.4 · EPSS 0.02721
Exploits 0 · References 3
Veracode
added 2023/01/11 3:50 a.m. · 16 views

Prototype Pollution

baobab is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes via the merger function in helpers.js and modify attributes such as __proto__, constructor, and other prototype base objects...

CVSS 9.8 · AI score 4.2 · EPSS 0.0126
Exploits 1 · References 7 · Affected Software 1
NVD
added 2022/11/28 2:15 p.m. · 7 views

CVE-2022-3865

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 8.8 · EPSS 0.01053
Exploits 1 · References 2
OSV
added 2022/11/28 2:15 p.m. · 5 views

CVE-2022-3849

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 8.8 · AI score 5.8 · EPSS 0.01053
Exploits 1 · References 2
OSV
added 2022/11/28 2:15 p.m. · 3 views

CVE-2022-3848

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 8.8 · AI score 5.8 · EPSS 0.01053
Exploits 1 · References 2
NVD
added 2022/11/28 2:15 p.m. · 13 views

CVE-2022-3849

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 8.8 · EPSS 0.01053
Exploits 1 · References 2
Prion
added 2022/11/28 2:15 p.m. · 14 views

SQL injection

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 6.5 · AI score 8.9 · EPSS 0.01053
Exploits 1 · References 2 · Affected Software 1
Prion
added 2022/11/28 2:15 p.m. · 16 views

SQL injection

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 6.5 · AI score 8.9 · EPSS 0.01053
Exploits 1 · References 2 · Affected Software 1
Prion
added 2022/11/28 2:15 p.m. · 13 views

SQL injection

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

CVSS 6.5 · AI score 8.9 · EPSS 0.01053
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2022/11/28 1:50 p.m. · 5 views

CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

AI score 9.2 · EPSS 0.01053
Exploits 1 · References 2
Cvelist
added 2022/11/28 1:50 p.m. · 14 views

CVE-2022-3865 WP User Merger < 1.5.3 - Admin+ SQLi via ID

The WP User Merger WordPress plugin before 1.5.3 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as admin...

AI score 9.2 · EPSS 0.01053
Exploits 1 · References 2
CVE
added 2022/11/28 1:50 p.m. · 52 views

CVE-2022-3865

The CVE-2022-3865 entry concerns the WordPress WP User Merger plugin (versions prior to 1.5.3). The underlying issue is improper sanitisation/escaping of a parameter used in a SQL statement, resulting in a SQL injection. The vulnerability is exploitable by users with a role as low as admin. Affec...

CVSS 8.8 · AI score 9 · EPSS 0.01053
Exploits 1 · References 2 · Affected Software 1