11 matches found
OpenAI Realtime UI Code Issue Vulnerability
OpenAI Realtime UI is an interactive web application developed by bigsk1, based on OpenAI’s real-time API. It supports tool extensions and integration with Webhooks. There are code-related vulnerabilities in OpenAI Realtime UI; these vulnerabilities stem from operations involving parameters in th...
PT-2023-9533 · Oracle · Peoplesoft Enterprise Peopletools
Name of the Vulnerable Software and Affected Versions: PeopleSoft Enterprise PeopleTools versions 8.59 through 8.61 Description: The issue is related to a vulnerability in the Query component of PeopleSoft Enterprise PeopleTools, which can be exploited by a low-privileged attacker with network...
PT-2023-9512 · Openlink +4 · Openlink Virtuoso-Opensource +4
Name of the Vulnerable Software and Affected Versions: openlink virtuoso-opensource version 7.2.9 Description: The issue in the sqlo query spec component of openlink virtuoso-opensource is related to the improper neutralization of special elements used in SQL commands, which can be exploited by...
CVE-2022-28081
A reflected cross-site scripting (XSS) vulnerability in the component Query.php of arPHP v3.6.0 allows attackers to execute arbitrary web scripts...
CVE-2021-39127
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1...
Anonymous User is Able to Access Query Component JQL Endpoint - CVE-2021-39127
Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to access the query component JQL endpoint via a Broken Access Control (BAC) vulnerability. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. Affected versions:...
CVE-2020-14179
Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. The affected versions are before version 8.5.8, and...
SOY CMS Cross-Site Request Forgery Vulnerability
SOY CMS is a content management system (CMS). A cross-site request forgery vulnerability exists in the SOY CMS Query Component prior to version 2.0.0.3 and prior versions, which arises from a web application that does not adequately validate that a request is coming from a trusted user. An attacker...
Oracle PeopleSoft Enterprise PeopleTools Unauthorized Access Vulnerability (CNVD-2020-23830)
Oracle PeopleSoft Products is a suite of enterprise human capital management solutions from Oracle Corporation. The products provide human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise PeopleTools is one of the tools and technology platform...
CVE-2018-3192
Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Query). Supported versions that are affected are 8.55 and 8.56. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...
Unspecified Vulnerability in Oracle PeopleSoft Enterprise PeopleTools (CNVD-2018-02009)
PeopleSoft Enterprise PeopleTools provides a comprehensive set of development tools that support the development and runtime of PeopleSoft applications. An unspecified vulnerability exists in the Query component of Oracle PeopleSoft Enterprise PeopleTools. An attacker could exploit the...