8 matches found
Kloxo 安全漏洞
Kloxo is an open source hosting platform from LxCenter. A security vulnerability exists in Kloxo versions 6.1.12 and earlier, which stems from a local elevation of privilege issue in the lxsuexec and lxrestart binaries that could lead to the execution of arbitrary commands...
Incus 安全漏洞
Incus is an LXC open source system container and virtual machine manager. A security vulnerability exists in Incus versions 6.12 and 6.13, which stems from a partial bypass of security options in the nftables rule and could lead to ARP spoofing...
PT-2024-32285 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions 6.12.0 and earlier Description: The issue is related to DOM-based Cross-site Scripting XSS. Attackers may be able to abuse the UpdateOTRAck method to forge a message that contains an XSS payload. Recommendations: For...
PT-2024-20987 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the project id parameter at the "/ProjectManage/pm gatt inc.aspx" API endpoint. This allows for potential exploitation. No information is provided about...
PT-2024-20990 · Ruvaroa · Ruvaroa
Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/WorkFlow/wf office file history show.aspx" API endpoint. Recommendations...
WordPress Ecwid Ecommerce Shopping Cart plugin <= 6.12.10 - Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
AuthenticatedContributor+ Stored Cross-Site Scripting via Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin Ecwid Shopping Cart versions = 6.12.10...
PT-2024-14186 · Ecwid · Ecwid Ecommerce Shopping Cart
Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart versions through 6.12.4 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in Ecwid Ecommerce Shopping Cart. This type of vulnerability allows an attacker to trick a user into performing...
CVE-2023-0834
Incorrect Permission Assignment for Critical Resource vulnerability in HYPR Workforce Access on MacOS allows Privilege Escalation.This issue affects Workforce Access: from 6.12 before 8.1...