11 matches found
OpenMage LTS: Cross-user wishlist import leads to private option & file disclosure
Cross-user wishlist item import via shared wishlist code, leading to private option disclosure and file-disclosure variant. Summary: The shared wishlist add-to-cart endpoint authorizes access with a public sharingcode, but loads the acted-on wishlist item by a separate global wishlistitemid and nev...
Schneider Electric Data Center Expert Access Control Error Vulnerability
Schneider Electric Data Center Expert is a data monitoring software from Schneider Electric USA. An access control error vulnerability exists in Schneider Electric Data Center Expert version 8.1.1.3 and prior versions, which stems from missing authentication of critical functionality, and could...
OpenSC Security Vulnerabilities
OpenSC is an open source smart card tool and middleware. A security vulnerability exists in OpenSC. An attacker exploiting the vulnerability could lead to a potential disclosure of private data...
Information disclosure
The VTEX email protected GraphQL API module does not properly restrict unauthorized access to private configuration data. email protected is unaffected by this issue...
CVE-2021-39203 Private data disclosure/privilege escalation through the block editor in WordPress
WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. In affected versions authenticated users who don't have permission to view private post types/data can bypass restrictions in the block editor under certain conditions. This...
GitLab Doles Out Half a Million Bucks to White Hats
GitLab has awarded a total of $565,650 in security bug bounties to 171 researchers who reported valid vulnerabilities in the past year — and has announced the winners of its latest hacking contest. GitLab, which started out as a web-based Git repository manager before moving into the DevOps...
Nextcloud: Combination of content provider allows private data disclosure
Good afternoon. Sorry, it's me again. I use NC on a daily basis so I often make some checks. As per 489105, document thumbnail shall not be disclosed. The exposure on thumbnailCache/ is an already known issue. However, malicious apps are still able to extract at least pictures and text files b...
Access Control Bypass
slixmpp is vulnerable to access control bypass. The vulnerability exists because the default permissions for persistent storage of private data on a PEP node is not set properly, disclosing private data that have been published to a PEP node to all the contacts of the victim...
Moodle 2.9.x < 2.9.9 Multiple Vulnerabilities
Binary data 9834.prm...
Opera Multiple Vulnerabilities-01 Jan13 (Linux)
The host is installed with Opera and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gboperamultvuln01jan13lin.nasl 6115 2017-05-12 09:03:25Z teissa $ Opera Multiple Vulnerabilities-01 Jan13 Linux Authors: Antu Sanadi Copyright: Copyright (c) 2013 Greenbone Networks GmbH,...
Opera Multiple Vulnerabilities-01 (Jan 2013) - Linux
Opera is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2013 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...