The vulnerability of the Collaboration Portal component of the SAP Transportation Management system allows a hacker to execute an SSRF attack.
The vulnerability of the Collaboration Portal component of the SAP Transportation Management system is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
User Impersonation
Overview: Affected versions of this package are vulnerable to User Impersonation via the entityid parameter in the /api/Setting endpoint, due to insufficient server-side validation of authentication and authorization. Remediation: Upgrade Oqtane.Framework to version 6.0.1 or higher. References: -...
CVE-2022-1884 Remote Command Execution in gogs/gogs
A remote command execution vulnerability exists in gogs/gogs versions =0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the treepath parameter during file uploads. An attacker can set treepath=.git. to upload a file into the .git directory, allowing...
SUSE CVE-2024-47872
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves Cross-Site Scripting (XSS) on any Gradio server that allows file uploads. Authenticated users can upload files such as HTML, JavaScript, or SVG files containing malicious scripts. When other users...
GitLab: Login email verification bypass via `/oauth/token`.
Vulnerability description not provided...
PT-2024-22798
Name of the Vulnerable Software and Affected Versions: OneUptime versions prior to 7.0.1815. Description: The issue lies in the improper validation of client-side stored data within the web application. Specifically, the is_master_admin key, stored in the local storage of the browser, can be...
Sciener firmware locks and associated devices are vulnerable to encryption downgrade and arbitrary file upload attacks
Overview: Sciener is a company that develops software and hardware for electronic locks that are marketed under many different brands. Their hardware works in tandem with an app, called the TTLock app, which is also produced by Sciener. The TTLock app utilizes Bluetooth connections to connect to...
Security Bypass
Microsoft.AspNetCore.Components is vulnerable to Security Bypass. The vulnerability arises due to a lack of validation on the Blazor server. An unauthenticated user is able to bypass validation of Blazor server forms...
Cross-Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager version 5.6.5633. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absence of proper validation of the origin of...
Input validation
The Staff / Employee Business Directory for Active Directory plugin for WordPress is vulnerable to LDAP Passback in versions up to, and including, 1.2.3. This is due to insufficient validation when changing the LDAP server. This makes it possible for authenticated attackers, with administrative...
CVE-2023-3747
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by the Administrators to allow a device to be temporarily disconnected from WARP; however, due to a lack of server-side validation, an attacker with local access...
CVE-2023-1722 Yoga Class Registration System 1.0 - ATO
Yoga Class Registration System version 1.0 allows an administrator to execute commands on the server. This is possible because the application does not correctly validate the thumbnails of the classes uploaded by the administrators...
PT-2023-23524 · Suprema · Suprema Biostar 2
Name of the Vulnerable Software and Affected Versions: Suprema BioStar 2 versions prior to 2.9.1. Description: A vulnerability in the web application of Suprema BioStar 2 allows an authenticated attacker with User Operator privileges to create a highly privileged user account. This issue is caused...
K11464209: IP Intelligence Feed List vulnerability CVE-2017-6143
Security Advisory Description: X509 certificate verification was not correctly implemented in the IP Intelligence Subscription and IP Intelligence feed-list features, and thus the remote server's identity is not properly validated in certain versions of BIG-IP (CVE-2017-6143). Impact: Affected BIG-IP...
U.S. Dept Of Defense: [█████] Bug Reports allow for Unrestricted File Upload
Unrestricted file upload was possible through the bug report feature of a web page, allowing an attacker to attach a malicious file to a bug report and execute malware on the support agent's system. The web server did not validate the extension and size of the uploaded file...
CVE-2022-38341
Safe Software FME Server v2021.2.5 and below does not employ server-side validation...
CVE-2022-29154
An issue was discovered in rsync before 3.2.5 that allows malicious remote servers to write arbitrary files inside the directories of connecting peers. The server chooses which files/directories are sent to the client. However, the rsync client performs insufficient validation of file names. A...
Mobaoku-Auction&Flea Market trust management issue vulnerability
Mobaoku-Auction&Flea Market is a mobile software. Mobaoku-Auction&Flea Market is vulnerable to a trust management issue, which arises from improper server certificate validation. A remote attacker could exploit the vulnerability to eavesdrop on encrypted communications...
Missing server signature validation in OctoberCMS
Impact: This advisory affects authors of plugins and themes listed on the October CMS marketplace where an end-user will inadvertently expose authors to potential financial loss by entering their private license key into a compromised server. It has been disclosed that a project fork of October CM...