9 matches found
CVE-2023-7333 bluelabsio records-mover Table Object sql injection
A weakness has been identified in bluelabsio records-mover up to 1.5.4. The affected element is an unknown function of the component Table Object Handler. This manipulation causes sql injection. The attack needs to be launched locally. Upgrading to version 1.6.0 is sufficient to fix this issue...
Allocation of Resources Without Limits or Throttling
Overview commons-fileupload:commons-fileupload is a component that provides a simple yet flexible means of adding support for multipart file upload functionality to servlets and web applications. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...
CVE-2024-27181
In Apache Linkis = 1.5.0, Privilege Escalation in Basic management services where the attacking user is a trusted account allows access to Linkis's Token information. Users are advised to upgrade to version 1.6.0, which fixes this issue...
PT-2023-22706 · Apache · Apache Inlong
Name of the Vulnerable Software and Affected Versions: Apache InLong versions 1.4.0 through 1.5.0 Description: The issue is related to an SQL Injection vulnerability. By manipulating the orderType parameter, an attacker can extract the username of the user with ID 1 from the "user" table, one...
PT-2022-8065 · Unknown · Farcry Solr Pro Plugin
Name of the Vulnerable Software and Affected Versions: FarCry Solr Pro Plugin versions up to 1.5.x Description: A vulnerability was found in the FarCry Solr Pro Plugin, affecting an unknown functionality of the file packages/forms/solrProSearch.cfc of the component Search Handler. The manipulatio...
PT-2022-11741 · Openmrs · Openmrs Admin Ui Module
Name of the Vulnerable Software and Affected Versions: OpenMRS Admin UI Module versions up to 1.5.x Description: A vulnerability was found in the OpenMRS Admin UI Module, affecting unknown code of the file location.gsp. The manipulation leads to cross-site scripting. The attack can be initiated...
PT-2022-16611 · Jetbrains · Jetbrains Kotlin
Name of the Vulnerable Software and Affected Versions: JetBrains Kotlin versions prior to 1.6.0 Description: The issue concerns the inability to lock dependencies for Multiplatform Gradle Projects in JetBrains Kotlin. This could potentially lead to unstable project configurations due to...
Arbitrary Code Execution
Overview ruby-jss is a provides native ruby access to the REST APIs of Jamf Pro, an enterprise/education tool for managing Apple devices, from jamf.com. Affected versions of this package are vulnerable to Arbitrary Code Execution. This is due to the usage of the plist library, which has documente...
Elasticsearch Engineered Attack Vulnerability CVE-2015-4165
Summary: Elasticsearch versions 1.0.0 - 1.5.2 are vulnerable to an engineered attack on other applications on the system. The snapshot API may be used indirectly to place snapshot metadata files into locations that are writeable by the user running the Elasticsearch process. It is possible to...