279 matches found
RHSA-2011:1803 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update
Bulletin has no description...
RHSA-2011:1802 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.2 update
Bulletin has no description...
The vulnerability of the web page rendering modules in WebKitGTK and WPE WebKit, related to the occurrence of operations outside the buffer in memory, allows attackers to access confidential data.
The vulnerability of the Web page rendering modules in WebKitGTK and WPE WebKit relates to the execution of operations beyond the buffer boundaries in memory. Exploiting this vulnerability allows a remote attacker to gain access to confidential data...
RHSA-2014:0792 Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
RHSA-2014:0898 Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
RHSA-2013:0259 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
RHSA-2013:0230 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
RHSA-2011:0945 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.1 update
Bulletin has no description...
RHSA-2010:0961 Red Hat Security Advisory: JBoss Enterprise Web Platform 5.1.0 security and bug fix update
Bulletin has no description...
RHBA-2010:0735 Red Hat Bug Fix Advisory: JBoss Enterprise Web Platform 5.1.0 update
Bulletin has no description...
RHSA-2014:1833 Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
RHSA-2014:1320 Red Hat Security Advisory: Red Hat JBoss Enterprise Web Platform 5.2.0 security update
Bulletin has no description...
ROS-20240806-05
A vulnerability in the AbstractSessionListener component of the Symfony web application development and management platform is related to an incorrect authorization procedure. Symfony web application development and management platform is related to incorrect authorization procedure. Exploitation...
WordPress Path Traversal Vulnerability
WordPress is a suite of blogging platforms developed in the PHP language by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers. WordPress suffers from a path traversal vulnerability that stems from improperly restricting pathnames to restricted directorie...
The vulnerability of the ASP.NET Zero web platform for creating websites lies in the redirection of URLs to an unreliable website, allowing a hacker to redirect users to any given URL address.
The vulnerability of the ASP.NET Zero web platform for creating websites involves the redirection of URLs to an unreliable website. Exploiting this vulnerability allows a malicious actor to redirect users to any given URL address...
ZKTeco ZKBioSecurity 安全漏洞
ZKTeco ZKBioSecurity is a web-based all-in-one platform from the Chinese company ZKTeco. A security vulnerability exists in ZKTeco ZKBioSecurity version 6.1.1, which stems from a directory traversal vulnerability in eventRecord...
silverstripe/framework allows upload of dangerous file types
Some potentially dangerous file types exist in File.allowedextensions which could allow a malicious CMS user to upload files that then get executed in the security context of the website. We have removed the ability to upload .css, .js, .potm, .dotm, .xltm and .jar files in the default...
GHSA-F43J-8HQ4-2XJ9 silverstripe/framework uploaded PHP script execution in assets
A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...
silverstripe/framework uploaded PHP script execution in assets
A weakness in the .htaccess rules preventing requests to uploaded PHP scripts allows PHP scripts that had made their way into the assets directory to be successfully executed through the use of a specially crafted URL. There are protections in place to disallow upload of PHP scripts through the...
CVE-2024-34082 Grav Arbitrary File Read to Account Takeover
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password res...