997 matches found
CVE-2021-44877
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability ha...
Improper access control
Dalmark Systems Systeam 2.22.8 build 1724 is vulnerable to Incorrect Access Control. The Systeam application is an ERP system that uses a mixed architecture based on SaaS tenant and user management, and on-premise database and web application counterparts. A broken access control vulnerability ha...
Cross-Site Request Forgery (CSRF) in livehelperchat/livehelperchat
Description I found one more CSRF at Clean cache in the System tab of System configuration via GET request. Proof of Concept CLICK ME! Impact This vulnerability is capable of tricking admin to clear the cache of the system, that can potentially lead to a DoS attack. Remediation Use POST request...
CVE-2021-41242
OpenOlat is a web-based learning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files...
Crafter CMS File Overwrite Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A security vulnerability exists in Crafter CMS, which stems from the possibility that an authenticated administrator could override the system configuration file. An attacker could exploit this...
CVE-2021-23261
Authenticated administrators may override the system configuration file and cause a denial of service...
Design/Logic Flaw
Authenticated administrators may override the system configuration file and cause a denial of service...
CVE-2021-23261
Crafter CMS is affected by a vulnerability where an authenticated administrator can override the system configuration file, enabling a denial of service. The description and related entries (CVE-2021-23261, Crafter CMS CNVD/CNNVD references) confirm the root cause as a file overwrite/authentica...
CVE-2021-23261 Overriding the system configuration file causes a denial of service
Authenticated administrators may override the system configuration file and cause a denial of service...
Crafter CMS Security Vulnerability
Crafter CMS is an open source content management system (CMS) for digital experience applications. A security vulnerability exists in Crafter CMS, which stems from the possibility that an authenticated administrator could override the system configuration file. An attacker could exploit this...
The vulnerability of Mac OS operating systems, related to logical errors, allows attackers to circumvent security restrictions.
The vulnerability of Mac OS operating systems arises due to a logical error in the implementation of system configuration settings. Exploiting this vulnerability allows an attacker to bypass security restrictions remotely...
scap-security-guide bug fix and enhancement update
The scap-security-guide project provides a guide for configuration of the system from the final system's security point of view. The guidance is specified in the Security Content Automation Protocol (SCAP) format and constitutes a catalog of practical hardening advice, linked to government...
NETGEAR Security Vulnerability
NETGEAR is a router from the American company NETGEAR, a hardware device that connects two or more networks and acts as a gateway between networks. A security vulnerability exists in NETGEAR routers that could be exploited by a network neighbor attacker to disclose sensitive information about...
CVE-2021-42540
The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...
Code injection
The affected product is vulnerable to an unsanitized extract folder for system configuration. A low-privileged user can leverage this logic to overwrite the settings and other key functionality...
CVE-2021-42540
The CVE-2021-42540 entry relates to Emerson WirelessHART Gateway and describes an unsanitized extract folder vulnerability in system configuration. The underlying issue allows a low-privileged user to overwrite settings and other key functionality due to missing input/permission validation during...
CVE-2021-41152
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions, by manipulating the HTTP request, an attacker can modify the path of a requested file download in the folder component to point to anywhere o...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. The ISE collects real-time information about the network, users, and devices to formulate and enforce policies to regulate the network. A security vulnerability exists in the Cisco Identit...
CVE-2021-41617
A flaw was found in OpenSSH. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user. Depending on system configuration, inherite...