104 matches found
The vulnerability of the XWiki platform for creating collaborative web applications lies in errors that occur when using privileged application programming interfaces (APIs). This allows a malicious individual to gain access to read, modify, and delete user accounts.
The vulnerability of the XWiki Platform relates to errors that occur when using privileged application programming interfaces APIs. Exploiting this vulnerability can allow a malicious actor to gain access to read, modify, and delete user accounts...
The vulnerability of the WPLMS training management system, a content management system for WordPress websites, allows an attacker to gain access to read, modify, or delete data.
The vulnerability of the WPLMS training management system involves incorrect restrictions on the path to the restricted access catalog. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
The vulnerability of the command-line interface (CLI) of the FortiRecorder surveillance system’s microprogramming software allows a perpetrator to gain access to read, modify, and delete any files they desire.
The vulnerability of the command-line interface CLI of the FortiRecorder surveillance system software relates to incorrect restrictions on the path name to the restricted-access directory. Exploiting this vulnerability can allow an attacker to gain read, modify, and delete access to arbitrary fil...
The vulnerability of the LibreOffice office software package arises from incorrect restrictions on the path to the restricted access directory. This allows attackers to gain read, modify, or delete access to data.
The vulnerability of the LibreOffice office software package is related to incorrect restrictions on the path to the restricted directory. Exploiting this vulnerability could allow an attacker to gain read, modify, or delete access to data...
aEnrich a+HRD SQL注入漏洞
aEnrich a+HRD is an all-in-one human resource development solution from Acer China aEnrich. A SQL injection vulnerability exists in aEnrich a+HRD 7.5 and prior versions, which originates from allowing an attacker to inject arbitrary SQL commands to read, modify, and delete database content...
The vulnerability of the CLI command-line interface of the GitHub collaborative development platform involves an incorrect restriction on the path name to the restricted directory. This allows a malicious user to gain read, modify, or delete access to files.
The vulnerability of the CLI command-line interface of the GitHub collaborative development platform relates to incorrect path name restrictions for restricted directories when processing the artifact name and the --dir flag. Exploiting this vulnerability may allow a malicious actor to gain read,...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain read, modify, or delete access to data.
The vulnerability in the web interface of the Cisco Identity Services Engine ISE management platform relates to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability could allow a malicious actor to gain read, modify, or delete access to data by sendin...
The vulnerability of the Audio, Web, and Video Conferencing component of the MiCollab collaboration platform allows a perpetrator to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Audio, Web, and Video Conferencing component of the MiCollab collaboration platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to gain unauthorized access to read, modify, or delete data...
The vulnerability of the SAP NetWeaver AS ABAP software integration platform, related to deficiencies in access control, allows a perpetrator to gain read, modify, or delete access to data.
The vulnerability of the SAP NetWeaver AS ABAP software integration platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to gain read, modify, or delete access to data by injecting CSS code or loading a specially created malicious page...
ChanGate Property Management System SQL注入漏洞
ChanGate Property Management System is a property management system from ChanGate. The ChanGate Property Management System suffers from a SQL injection vulnerability that could allow an unauthenticated, remote attacker to inject arbitrary SQL commands to read, modify, and delete database content...
PT-2024-10341 · Fortinet · Fortirecorder
Name of the Vulnerable Software and Affected Versions: Fortinet FortiRecorder versions 7.2.0 through 7.2.1 Fortinet FortiRecorder versions prior to 7.0.4 Description: The issue is related to a path traversal vulnerability, which allows a privileged attacker to access and delete files from the...
Dell InsightIQ 安全漏洞
Dell InsightIQ is a performance monitoring and reporting tool from Dell USA. A security vulnerability exists in Dell InsightIQ that originates from a file or directory that is accessible to an outside party. An unauthenticated, remote-access attacker could use this vulnerability to read, modify,...
PT-2024-38944 · Gether Technology · 6Shr System
Name of the Vulnerable Software and Affected Versions: 6SHR system from Gether Technology affected versions not specified Description: The 6SHR system from Gether Technology does not properly validate the specific page parameter, allowing remote attackers with regular privilege to inject SQL...
CVE-2024-7202
The query functionality of WinMatrix3 Web package from Simopro Technology lacks proper validation of user input, allowing unauthenticated remote attackers to inject SQL commands to read, modify, and delete database contents...
The vulnerability of FortiWeb web applications’ network firewalls, related to deficiencies in authentication procedures, allows attackers to gain read, modify, or delete access to data.
The vulnerability of FortiWeb web applications’ network firewalls is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain read, modify, or delete access to data by sending specially crafted requests...
PT-2024-3982 · Unknown · Redmine Dmsf Plugin
Name of the Vulnerable Software and Affected Versions: Redmine DMSF Plugin versions prior to 3.1.4 Description: The issue is related to a path traversal vulnerability in the Redmine DMSF Plugin, which can be exploited by a remote attacker to gain read, modify, or delete access to files. This...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle Complex Maintenance, Repair, and Overhaul systems—a system for automating business operations in Oracle E-Business Suite—allows a perpetrator to gain access to read, modify, add, or delete data.
The vulnerability of the LOV component in terms of technical maintenance, repairs, and major overhauls of Oracle system equipment exists due to insufficient verification of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to read, modify, add, ...
Schoolbox SQL Injection Vulnerability
Schoolbox is an online learning platform from Schoolbox Australia. A SQL injection vulnerability exists in Schoolbox versions prior to 23.1.3, which stems from vulnerability to a blind SQL injection attack that allows an authenticated attacker to read, modify, and delete database records...
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software allows a malicious individual to gain unauthorized access to read, modify, or delete data.
The vulnerability of the Visual Analyzer component of the Oracle Business Intelligence Enterprise Edition software is related to insufficient validation of input data. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to read, modify, or delete...