90 matches found
SilverStripe Security Vulnerability
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system features multi-language and cross-platform support. A security vulnerability exists in SilverStripe, which stems from a vulnerability in the subsites module th...
PT-2022-26044 · Unknown · Fastest-Json-Copy
Name of the Vulnerable Software and Affected Versions: fastest-json-copy version 1.0.1 Description: The issue allows an external attacker to edit or add new properties to an object because the application does not correctly validate the incoming JSON keys, thus allowing the proto property to be...
MediaWiki <= 1.37 Multiple Vulnerabilities - Windows
MediaWiki is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mediawiki:mediawiki"; ifdescripti...
CVE-2022-29547
The CreateRedirect extension before 2022-04-14 for MediaWiki does not properly check whether the user has permissions to edit the target page. This could lead to an unauthorised or blocked user being able to edit a page...
CVE-2022-29547
The CVE-2022-29547 entry concerns MediaWiki’s CreateRedirect extension before 2022-04-14, where the extension fails to verify a user’s permission to edit the target page. This leads to unauthorised (or blocked) users being able to edit pages. Documented details indicate the issue stems from impro...
MediaWiki Security Vulnerability
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A security vulnerability exists in MediaWiki, which stems from a failure of the CreateRedirect...
Oracle E-Business Suite Input Validation Error Vulnerability
Oracle E-Business Suite is an extension of the original Application ERP and includes a collection of ERP (Enterprise Resource Planning) Management, HR (Human Resource Management), CRM (Customer Relationship Management), and other applications that are seamlessly integrated into one management suite...
CVE-2020-24740
An issue was discovered in Pluck 4.7.10-dev2. There is a CSRF vulnerability that can editpage via a /admin.php?action=editpage...
CVE-2020-14671
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced...
Joomla! access control error vulnerability (CNVD-2020-25678)
Joomla! is an open source, cross-platform content management system (CMS) developed in PHP and MySQL by the U.S. Open Source Matters team. An access control error vulnerability exists in Joomla! versions 3.8.8 through 3.9.16, which can be exploited by an attacker to make unauthorized...
CVE-2020-2807
Vulnerability in the Oracle Marketing Encyclopedia System product of Oracle E-Business Suite component: Administration. Supported versions that are affected are 12.1.1-12.1.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
Cross-site request forgery (CSRF)
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request...
CVE-2020-10498
CSRF in admin/edit-category.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit a category, given the id, via a crafted request...
PT-2020-12164 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue allows attackers to edit a news article, given the id, via a crafted request to the "admin/edit-news.php" endpoint. This is made possible by a CSRF weakness in the software...
Logic flaw vulnerability in DSMall Me***.php file
DSMall mall system is a complete set of B2B2C multi-store mall solutions. A logic flaw vulnerability exists in the DSMall Me.php file. An attacker can exploit the vulnerability to perform unauthorized operations, including modifying the information of items posted by any account and modifying the...
PT-2019-14526 · Youphptube · Youphptube
Name of the Vulnerable Software and Affected Versions: YouPHPTube version 7.4 Description: The issue arises from the lack of access control in the file install/checkConfiguration.php, allowing anyone to edit the configuration file and potentially insert malicious PHP code. Recommendations: For...
CVE-2019-2857
Vulnerability in the Siebel UI Framework component of Oracle Siebel CRM subcomponent: UIF Open UI. Supported versions that are affected are 19.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel UI Framework. Successful...
CVE-2019-2653
Vulnerability in the Oracle One-to-One Fulfillment component of Oracle E-Business Suite subcomponent: Print Server. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker...
CVE-2018-2594
Vulnerability in the Hyperion BI+ component of Oracle Hyperion subcomponent: Foundation UI & Servlets. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Hyperion BI+. Successful attacks...