CVE-2023-48293 XWiki Admin Tools Application CSRF with QueryOnXWiki allows arbitrary database queries
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Prior to version 4.5.1, a cross-site request forgery vulnerability in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. Among other things, this allow...
CVE-2023-48293
The CVE refers to XWiki Admin Tools Application (pre-4.5.1) where a CSRF flaw in the Query on XWiki tool allows executing arbitrary database queries. This can modify or delete wiki data and potentially create an attacker account with elevated privileges, impacting confidentiality, integrity, and ...
CVE-2023-48292 XWiki Admin Tools Application Run Shell Command allows CSRF RCE attacks
The XWiki Admin Tools Application provides tools to help the administration of XWiki. Starting in version 4.4 and prior to version 4.5.1, a cross-site request forgery vulnerability in the admin tool for executing shell commands on the server allows an attacker to execute arbitrary shell commands ...
CVE-2023-48292
CVE-2023-48292 concerns the XWiki Admin Tools RunShellCommand feature. The issue is a cross-site request forgery (CSRF) in versions 4.4 up to 4.5.0/1 that lets an authenticated admin be tricked into executing shell commands on the server. An attacker can exploit this by injecting a command into a...
PT-2023-8618 · Xwiki · Xwiki Admin Tools
Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools versions 4.4 through 4.5.0 Description: The issue is related to insufficient authentication of executed requests in the XWiki Admin Tools application. This allows a remote attacker to execute arbitrary commands by tricking a...
PT-2023-8619 · Xwiki · Xwiki Admin Tools Application
Name of the Vulnerable Software and Affected Versions: XWiki Admin Tools Application versions prior to 4.5.1 Description: A cross-site request forgery issue in the query on XWiki tool allows executing arbitrary database queries on the database of the XWiki installation. This could be used to dama...
Admin Tools Application Cross-Site Request Forgery Vulnerability
Admin Tools Application is an open source advanced management tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions prior to 4.5.1, which allows arbitrary database queries to be performed on...
Admin Tools Application Cross-Site Request Forgery Vulnerability
Admin Tools Application is an open source advanced administration tool for XWiki from the XWiki Foundation. A cross-site request forgery vulnerability exists in Admin Tools Application versions 4.4 through 4.5.1, which can be exploited to allow an attacker to execute arbitrary shell commands by...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - July 2023 - Includes Oracle July 2023 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
U.S. Dept Of Defense: Automatic Admin Access
The automatic administrative access vulnerability allowed a user to access the application with full administrative privileges, including the ability to create submissions, manage users, and access sensitive data. The vulnerability impacted the integrity, confidentiality, and availability of the...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2023 - Includes Oracle January 2023 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
CVE-2023-27271
In SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability...
SUSE CVE-2017-7241
A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (moveattachmentspage.php), part of the admin tools, allows remote attackers to inject arbitrary code through a crafted 'type' parameter if the Content Security Protection (CSP) settings allow it. This is fixed in 1.3.9, 2.1.3, an...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - October 2022 - Includes Oracle October 2022 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities a...
CVE-2022-39015
Under certain conditions, BOE AdminTools/ BOE SDK allows an attacker to access information which would otherwise be restricted...
Security Bulletin: IBM SDK, Java Technology Edition Quarterly CPU - January 2022 - Includes Oracle January 2022 CPU
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Versions 7, and 8 that are used by Maximo Asset Management, Maximo Industry Solutions including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for...
Dolibarr authenticated Remote Code Execution
Dolibarr 12.0.3 is vulnerable to authenticated Remote Code Execution. An attacker who has access to the admin dashboard can manipulate the backup function by inserting a payload into the filename for the zipfilenametemplate parameter of admin/tools/dolibarrexport.php...
Dolibarr stored Cross-site Scripting vulnerability
In Dolibarr 10.0.6, if USERLOGINFAILED is active, there is a stored XSS vulnerability on the admin tools -- audit page. This may lead to stealing of the admin account...