21 matches found
CVE-2020-36867
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...
CVE-2020-36867 Nagios XI < 5.7.3 Command Injection in Report PDF Download
Nagios XI versions prior to 5.7.3 contain a command injection vulnerability in the report PDF download/export functionality. User-supplied values used in the PDF generation pipeline or the wrapper that invokes offline/pdf helper utilities were insufficiently validated or improperly escaped,...
EUVD-2024-29375
Malicious code in bioql PyPI...
CVE-2024-31495
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality...
CVE-2022-1177
Accounting User Can Download Patient Reports in openemr in GitHub repository openemr/openemr prior to 6.1.0...
CVE-2021-23203
Improper access control in reporting engine of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to download PDF reports for arbitrary documents, via crafted requests...
CVE-2024-31495
A improper neutralization of special elements used in an sql command 'sql injection' in Fortinet FortiPortal versions 7.0.0 through 7.0.6 and version 7.2.0 allows privileged user to obtain unauthorized information via the report download functionality...
CVE-2024-31495
CVE-2024-31495 is a SQL injection due to improper neutralization of a special element in Fortinet FortiPortal. Affected: Fortinet FortiPortal 7.0.0–7.0.6 and 7.2.0. Impact: a privileged user can obtain unauthorized information via the report download functionality. Root cause is the improper hand...
Fortinet FortiPortal SQL Injection Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A SQL injection vulnerability exists in Fortinet FortiPortal versions 7.0.0 through 7.0.6...
PT-2024-4154 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6 Fortinet FortiPortal version 7.2.0 Description: The issue is related to the improper neutralization of special elements used in an SQL command, also known as SQL injection, in Fortinet...
Odoo 安全漏洞
Odoo is a set of enterprise resource planning ERP and customer relationship management CRM system from Odoo Belgium. The system is developed in Python, with PostgreSQL as the database, and includes modules for sales management, inventory management, and financial management. A security...
Dell Wyse Management Suite 安全漏洞
Wyse Management Suite is a scalable solution for managing and optimizing Wyse endpoints from Dell, Inc. The product includes centralized Wyse endpoint management, asset tracking, and automated device discovery.Wyse Management Suite 3.6.1 and prior versions contain a security vulnerability that...
TikTok: IDOR in report download functionality on ads.tiktok.com
An IDOR Insecure Direct Object Reference vulnerability was found on a TikTok Ads endpoint within the report download functionality. We thank @fm for reporting this to our team...
Security Bulletin: IBM MDM Software report download without authentication affects IBM InfoSphere Master Data Management Collaboration Server
Summary IBM InfoSphere Master Data Management - Collaborative Edition could allow an unauthorized user to download reports without authentication Vulnerability Details CVEID: CVE-2017-1523 DESCRIPTION: IBM InfoSphere Master Data Management - Collaborative Edition could allow an unauthorized user ...
IBM InfoSphere Master Data Management Security Bypass Vulnerability (CNVD-2017-35510)
IBM InfoSphere Master Data Management MDM - Collaborative Edition is a suite of collaborative editing solutions for Product Information Management PIM from IBM USA. A security vulnerability exists in IBM InfoSphere MDM - Collaborative Edition. An attacker could exploit the vulnerability to downlo...
CVE-2017-1523
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892...
CVE-2017-1523
IBM InfoSphere Master Data Management - Collaborative Edition 11.5 could allow an unauthorized user to download reports without authentication. IBM X-Force ID: 129892...
CVE-2017-1523
IBM InfoSphere Master Data Management – Collaborative Edition 11.5 is affected by CVE-2017-1523, where an unauthenticated user could download reports without valid credentials. The vulnerability affects the Collaboration Server component (11.5) and is documented with a remediation path to apply t...
Cisco Wide Area Application Services Central Manager Information Disclosure Vulnerability
A vulnerability in the web-based GUI of Cisco Wide Area Application Services WAAS Central Manager could allow an unauthenticated, remote attacker to retrieve completed reports from an affected system. The vulnerability is due to a processing error in how the affected software applies role-based...
Crunch - Password Cracking Wordlist Generator
Crunch is a wordlist generator where you can specify a standard character set or a character set you specify. crunch can generate all possible combinations and permutations. Features crunch generates wordlists in both combination and permutation ways it can breakup output by number of lines or fi...