601 matches found
CVE-2024-34882
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...
CVE-2024-34885
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...
CVE-2024-34885
Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...
CVE-2024-34883
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...
CVE-2024-34887
Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...
Bitrix24 安全漏洞
Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM Customer Relationship Management. A security vulnerability exists in Bitrix24 version 23.300.100, which originates from a remote administrat...
CVE-2024-34887
CVE-2024-34887 affects 1C-Bitrix Bitrix24 23.300.100. The issue is "insufficiently protected credentials" in AD/LDAP server settings, enabling remote administrators to exfiltrate AD/LDAP administrator passwords to an arbitrary server via HTTP POST. Public sources (Red Hat, CNNVD, CVE listings) de...
CVE-2024-34891
Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...
CVE-2024-9923
The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them...
CVE-2024-7694
ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...
PT-2024-36002
Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue is related to improper filtering of parameters in a specific API, allowing remote attackers with administrative privileges to execute arbitrary system commands on the...
CVE-2024-4297
The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...
Devellion CubeCart Security Breach
Devellion CubeCart is a free and open source e-commerce shopping cart software from the company of Devellion UK. The software supports selling products, adding/editing products or images in an online store, etc. A security vulnerability exists in Devellion CubeCart versions prior to 6.5.3, which...
PT-2023-16031 · Synology · Synology Diskstation Manager
Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions 6.2.4-25556-7 and earlier, 7.0.1-42218-6 and earlier Synology DiskStation Manager DSM version 7.1-42660 and earlier Description: The issue allows remote authenticated users with administrator privileg...
Command injection
An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following...
K42204713: Multiple MySQL vulnerabilities
Security Advisory Description CVE-2016-3424 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-3440 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote...
K47605350: MySQL vulnerability CVE-2016-5631
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. CVE-2016-5631 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K30255576: MySQL vulnerability CVE-2016-5507
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. CVE-2016-5507 Impact There is no impact; F5 products are not affected by this vulnerability...
K15535113: MySQL vulnerability CVE-2016-5632
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-5632 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...
K62477129: MySQL vulnerability CVE-2016-5584
Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVE-2016-5584 Impact There is no impact; F5 products a...