361 matches found
Concrete CMS Stored Cross-site Scripting vulnerability
Concrete CMS version 9 before 9.2.7 is vulnerable to Stored XSS via the Name field of a Group type since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Name field which might be executed when users visit t...
ISC BIND DoS Vulnerability (CVE-2023-4408) - Windows
ISC BIND is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; if...
CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...
CVE-2024-1245 Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS in file tags and description attributes since administrator entered file attributes are not sufficiently sanitized in the Edit Attributes page. A rogue administrator could put malicious code into the file tags or description attribut...
CVE-2024-1246
Concrete CMS 9.x prior to 9.2.5 is vulnerable to reflected XSS via the Image URL Import Feature due to insufficient input validation. A rogue administrator could inject malicious code during image import, potentially executing in users’ browsers. Public references (NVD, Red Hat, GHSA, OSV, Veraco...
Input validation
Concrete CMS version 9 before 9.2.5 is vulnerable to stored XSS via the Role Name field since there is insufficient validation of administrator provided data for that field. A rogue administrator could inject malicious code into the Role Name field which might be executed when users visit the...
Ivanti Connect Secure 9.x / 22.x Command Injection Vulnerability (CVE-2024-21887)
Binary data ivanticsCVE-2024-21887.nbin...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
Summary IBM DB2 is shipped with IBM License Metric Tool. Information about a security vulnerabilities affecting IBM DB2 has been published in a separated security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...
Apache Traffic Server 8.x < 8.1.3 / 9.x < 9.1.1 Multiple Vulnerabilities
According to its self reported version, the remote Apache Traffic Server install is affected by multiple vulnerabilities. - Buffer Copy without Checking Size of Input 'Classic Buffer Overflow' vulnerability in the stats-over-http plugin of Apache Traffic Server allows an attacker to overwrite...
PT-2023-29784 · Senayan · Slims Senayan Library Management System +1
Name of the Vulnerable Software and Affected Versions: Senayan Library Management Systems Slims version 9 Senayan Library Management Systems Bulian version 9.6.1 Description: The issue allows a remote attacker to obtain sensitive information and execute arbitrary code via a crafted script to the...
SuperWebMailer SQL Injection Vulnerability
Superwebmailer is a web-based PHP newsletter software for newsletter recipient management, sending HTML newsletters, birthday emails. A security vulnerability exists in SuperWebMailer version 9.00.0.01710, which originates from a SQL injection vulnerability in parameter size...
Drupal Cache Poisoning Vulnerability (SA-CORE-2023-006) - Windows
Drupal is prone to a cache poisoning vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:drupal:drupal"; ifdescription...
CVE-2023-4661 SQLi in Saphira Connect
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Saphira Saphira Connect allows SQL Injection. This issue affects Saphira Connect: before 9...
PT-2023-30117 · Unknown · Saphira Connect
Name of the Vulnerable Software and Affected Versions: Saphira Connect versions prior to 9 Description: The issue affects Saphira Connect, allowing Remote Code Inclusion due to an Execution with Unnecessary Privileges vulnerability. Recommendations: For versions prior to 9, update to version 9 or...
Saphira Connect Cross-Site Scripting Vulnerability
Saphira Connect is a telephone exchange and call center server mobile application from Saphira Connect, Inc. A cross-site scripting vulnerability exists in versions prior to Saphira Connect 9 that stems from incorrect default permissions that allow privilege escalation...
PT-2023-30110 · Unknown · Saphira Connect
Name of the Vulnerable Software and Affected Versions: Saphira Connect versions prior to 9 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
KLA52554 SB vulnerability in Apache Tomcat
Security vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 9.0.80 Fixed in Apache Tomcat 8.5.93 Fixed in Apache Tomcat 10.1.13 Exploitation Malware exis...
CVE-2023-38499 typo3/cms-core Information Disclosure due to Out-of-scope Site Resolution
TYPO3 is an open source PHP based web content management system. Starting in version 9.4.0 and prior to versions 9.5.42 ELTS, 10.4.39 ELTS, 11.5.30, and 12.4.4, in multi-site scenarios, enumerating the HTTP query parameters id and L allowed out-of-scope access to rendered content in the website...
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
Summary IBM DB2 is shipped with IBM License Metric Tool. Information about a security vulnerabilities affecting IBM DB2 has been published in a separated security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Version...
CVE-2023-30631
Improper Input Validation vulnerability in Apache Software Foundation Apache Traffic Server. The configuration option proxy.config.http.pushmethodenabled didn't function. However, by default the PUSH method is blocked in the ipallow configuration file.This issue affects Apache Traffic Server:...