10 matches found
EUVD-2015-2009
Malware in sbrugna...
EUVD-2008-1939
Malware in sbrugna...
UBUNTU-CVE-2023-35939
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a on a file accessible by an authenticated user or not for certain actions, allows a threat actor to interact, modify, or see Dashboard data. Version 10.0.8...
Drupal 安全漏洞
Drupal is an open source content management system developed in PHP by the Drupal community. A security vulnerability exists in Drupal version 9.3, which stems from the fact that the Common Entity Access API is not fully integrated with existing permissions, resulting in the possibility of certai...
PT-2023-22289 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions prior to 14.4.7 XWiki versions prior to 14.10 Description: The Document script API returns directly a DocumentAuthors, allowing to set any authors to the document. This can allow subsequent executions of scripts since this auth...
CVE-2022-36100 XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document Main.Tags in XWiki didn't sanitize user inputs...
EUVD-2022-6981
XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the...
PT-2022-23189 · Xwiki · Xwiki Platform Wiki Ui Main Wiki
Name of the Vulnerable Software and Affected Versions: XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 13.10.5 XWiki Platform Wiki UI Main Wiki versions 5.3-milestone-2 through 14.3 Description: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity...
PT-2019-5224 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.7 through 5.3.0 Description: The issue is related to an authentication error in the class-wp-rest-posts-controller function of the WordPress content management system, allowing users to mark posts as sticky via the REST...
Drupal hosting module access rights bypass vulnerability
Drupal is a free, open source content management system developed in PHP and maintained by the Drupal community. hosting is one of the core modules of the Aegir hosting system. An access privilege bypass vulnerability exists in Drupal hosting module versions 7.x-3.x prior to 7.x-3.7. An attacker...