6 matches found
GHSA-6WHJ-7QMG-86QJ Khoj has an IDOR in Notion OAuth Flow that Enables Index Poisoning
Summary: An IDOR in the Notion OAuth callback allows an attacker to hijack any user's Notion integration by manipulating the state parameter. The callback endpoint accepts any user UUID without verifying the OAuth flow was initiated by that user, allowing attackers to replace victims' Notion...
PT-2024-12113 · Taskcafe · Taskcafe
Name of the Vulnerable Software and Affected Versions: TaskCafe version 0.3.2 Description: The issue is related to a lack of validation in the Cookie value, which allows an unauthenticated attacker who knows a registered UserID to change the password of that user. This can be exploited by attacke...
SUSE CVE-2016-6190
SOGo before 2.3.12 and 3.x before 3.1.1 does not restrict access to the UID and DTSTAMP attributes, which allows remote authenticated users to obtain sensitive information about appointments with the "View the Date & Time" restriction, as demonstrated by correlating UIDs and DTSTAMPs between all...
Red Hat Ceph authorization issue vulnerability
Red Hat Ceph is a Linux petabyte-level distributed file system from Red Hat. Its main design goal is a distributed file system without a single point of failure, based on POSIX (Portable Operating System Interface), enabling fault-tolerant and seamless data replication. cep...
PYSEC-2021-31
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
Oracle buffer overflow
A command-line buffer overflow allows obtaining the oracle uid...