11 matches found
EUVD-2017-2538
Malware in sbrugna...
CVE-2024-10953
An authenticated data.all user is able to perform mutating UPDATE operations on persisted Notification records in data.all for group notifications that their user is not a member of...
CVE-2022-45164
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to cancel delete a booking, created by someone else - even if this basic user is not a member of the booking...
JVN#48120704: Movable Type plugin A-Form vulnerable to cross-site scripting
Movable Type plugin A-Form provided by ARK-Web co., ltd. contains a cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of the user who accessed the site using the product. Solution Update the Software Update A-Form to the latest version...
CVE-2017-10898
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors...
Sql injection
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors...
CVE-2017-10898
CVE-2017-10898 describes a SQL injection in Movable Type plugins A-Member and A-Member for MT cloud, affected through versions 3.8.6 and earlier. The root cause is a vulnerability in processing cookie values (CWE-89). Impact per sources: an attacker who can access pages using these plugins may ob...
CVE-2017-10898
SQL injection vulnerability in the A-Member and A-Member for MT cloud versions 3.8.6 and earlier allows an attacker to execute arbitrary SQL commands via unspecified vectors...
ARK-Web A-Member and A-Member for MT cloud SQL Injection Vulnerabilities
ARK-Web A-Member is a membership site builder plugin for Movable Type from ARK-Web Japan.A-Member for MT cloud is its MT cloud based version. A SQL injection vulnerability exists in ARK-Web A-Member and A-Member for MT cloud 3.8.6 and earlier versions. A remote attacker can exploit this...
Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection
Overview A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain SQL injection CWE-89 vulnerability due to the issue in processing cookie values. Yuuta Watanabe...
JVN#78501037: Movable Type plugin A-Member and A-Reserve vulnerable to SQL injection
A-Member and A-Reserve provided by ARK-Web co., ltd. are plugins for Movable Type which provide functions to build a membership website or a reservation website. A-Member and A-Reserve contain SQL injection CWE-89 vulnerability due to the issue in processing cookie values. Impact An attacker who...