praisonai-platform: list_issue_activity returns activity log for any issue regardless of workspace ownership

Summary Type: Insecure Direct Object Reference. The GET /workspaces/workspaceid/issues/issueid/activity endpoint is gated by requireworkspacememberworkspaceid and dispatches to ActivityService.listforissueissueid, which executes SELECT FROM activity WHERE issueid = :issueid with no workspace...

CVE-2021-0571

In ActivityTaskManagerService.startActivity and AppTaskImpl.startActivity of ActivityTaskManagerService.java and AppTaskImpl.java, there is possible access to restricted activities due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privilege...

ASB-A-352542820

In onCreateOptionsMenu of UserSettings.java, there is a possible way to remove the work profile by opening a hidden activity due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

CVE-2022-34836

Relative Path Traversal vulnerability in ABB Zenon 8.20 allows the user to access files on the Zenon system and user also can add own log messages and e.g., flood the log entries. An attacker who successfully exploit the vulnerability could access the Zenon runtime activities such as the start an...

Sap SuccessFactors 安全漏洞

Sap SuccessFactors is a cloud-based Hcm software application from SAP, Germany. A security vulnerability exists in the SAP SuccessFactors Android application prior to version 2108, which stems from a problem with the way the Android application is implemented. The vulnerability allows an attacker...

MGASA-2014-0483 Updated moodle package fixes security vulnerabilities

In Moodle before 2.6.5, without forcing encoding, it was possible that UTF7 characters could be used to force cross-site scripts to AJAX scripts although this is unlikely on modern browsers and on most Moodle pages MSA-14-0035. In Moodle before 2.6.5, an XSS issue through $searchcourse in...