1464 matches found
GLPI OS Command Injection Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner and ink...
Glewlwyd Access Control Vulnerability
Glewlwyd is a server for single sign-on servers, OAuth2, OpenidConnect, multi-factor authentication, HOTP/TOTP, FIDO2, TLS certificates, etc., which can be extended by plug-ins. An access control vulnerability exists in Glewlwyd that is related to a logical judgment of the affected version. An...
[SECURITY] Fedora 35 Update: mingw-gstreamer1-1.19.3-1.fc35
GStreamer is a streaming-media framework, based on graphs of filters which operate on media data. Applications using this library can do anything from real-time sound processing to playing videos, and just about anything else media-related. Its plug-in-based architecture means that new data types...
CVE-2021-22049
CVE-2021-22049 is an SSRF flaw in the vSAN Web Client (vSAN UI) plug‑in of vSphere Web Client. Exploitation requires network access to port 443 on vCenter Server to trigger a URL request outside or to internal services. Connected sources confirm this affects VMware vCenter Server and describe the...
GLPI Path Traversal Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
The vulnerability of the Password Synchronization Plug-in of the IBM Security Identity Manager allows a perpetrator to modify the passwords of other users.
The vulnerability of the Password Synchronization Plug-in of the IBM Security Identity Manager relates to deficiencies in the segmentation of the controlled system area. Exploiting this vulnerability could allow an intruder operating remotely to gain unauthorized access to protected information...
Apache Solr VelocityResponseWriter Plug-In Remote Code Execution Vulnerability
The Apache Solr VelocityResponseWriter plug-in contains an unspecified vulnerability which can allow for remote code execution...
Oracle HTTP Server (Oct 2021 CPU)
The 11.1.1.9.0, 12.2.1.3.0, and 12.2.1.4.0 versions of HTTP Server installed on the remote host are affected by multiple vulnerabilities as referenced in the October 2021 CPU advisory. - Vulnerability in the Oracle WebLogic Server Proxy Plug-In product of Oracle Fusion Middleware component: SSL...
Zoom Plugin Code Execution Vulnerability
Zoom Plugin is a plug-in from Zoom ZOOM, Inc. A security vulnerability exists in previous versions of Zoom Plugin for Microsoft Outlook for MacOS 5.3.52553.0918, which stems from a time-of-check to time-of-use (TOCTOU) vulnerability included in the plug-in installation process. An attacker could exploit this...
Vmware VMware vCenter Server Code Issue Vulnerability
Vmware VMware vCenter Server is a suite of server and virtualization management software from Vmware, Inc. The software provides a centralized platform for managing VMware vSphere environments, automating the implementation and delivery of virtual infrastructures. vCenter Server is vulnerable to...
CVE-2021-20828
Cross-site scripting vulnerability in Order Status Batch Change Plug-in for EC-CUBE 3.0 series all versions allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-20828
The CVE-2021-20828 entry concerns the EC-CUBE 3.0 series plugin “Order Status Batch Change Plug-in” by ActiveFusions. The vulnerability is a cross-site scripting (CWE-79) flaw caused by insufficient validation of client-side data, allowing a remote attacker to inject arbitrary script via unspecif...
CVE-2021-20825
CVE-2021-20825 affects the EC-CUBE List (order management) item change plug-in for the 3.0 series, specifically Ver.1.1 and earlier. The vulnerability is a cross-site scripting (CWE-79) flaw in the plugin, enabling an arbitrary script to be executed in the administrator’s browser via unspecified ...
CVE-2021-20825
Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...
CVE-2021-33701
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...
Sql injection
DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 20111620, 20111640, 20111700, 20111710, 20111730, 710, 20111731, 710, 20111752, 2020, SAPSCORE 125, S4CORE 102, 102, 103, 104, 105, allows an attacker with access to highly privileged account to execute manipulated query in NDZT tool to gain...
JVN#46313661: EC-CUBE plugin "List (order management) item change plug-in" vulnerable to cross-site scripting
EC-CUBE plugin "List order management item change plug-in" provided by shiro8 Co., Ltd. contains a cross-site scripting vulnerability (CWE-79). Impact: An arbitrary script may be executed on the web browser of the user who is accessing the administrative page of the product. Solution: Update the plug...