14 matches found
EUVD-2014-4678
Malware in sbrugna...
EUVD-2022-3828
Malicious code in bioql PyPI...
EUVD-2022-38945
Malicious code in bioql PyPI...
Improper Access Control
thorsten/phpmyfaq is vulnerable to Improper Access Control. The vulnerability exists due to the lack of validation of email addresses in ajaxservice.php which allows an attacker to take over another account...
SourceCodester Billing Management System SQL注入漏洞
Sourcecodester The Electric Billing Management System is a simple web application used to manage customer billing for an electric provider company. A SQL injection vulnerability exists in SourceCodester Billing Management System version 1.0, which stems from a problem in the file ajaxservice.php,...
SiteServerCMS 安全漏洞
SSCMS SiteServerCMS SSCMS is an open source, cross-platform, enterprise-level content management system from China's SSCMS Corporation. A security vulnerability exists in SiteServerCMS version 5.X. The vulnerability stems from a remote download Getshell vulnerability via...
Moodle allows attackers to obtain sensitive information
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...
GHSA-FRHC-9HWC-X7J3 Moodle allows attackers to obtain sensitive information
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...
Security Bulletin: Information disclosure in IBM Business Process Manager (BPM) V8.5 document attachments search (CVE-2014-4759)
Summary IBM BPM document attachment queries can return document properties that contain sensitive information. Vulnerability Details CVE ID: CVE-2014-4759 DESCRIPTION: An Ajax service that is shipped with the Content Management toolkit allows users to search for IBM BPM document attachments from...
Code injection
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...
CVE-2015-0211
mod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtai...
CVE-2014-4759
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager BPM 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results...
CVE-2014-4759
IBM BPM 8.5.x through 8.5.5 is affected by CVE-2014-4759 due to an Ajax service in the Content Management toolkit that allows authenticated users to perform a document-attachment search and read document properties, potentially exposing sensitive information. The vulnerability arises because quer...
CVE-2014-4759
An unspecified Ajax service in the Content Management toolkit in IBM Business Process Manager BPM 8.5.x through 8.5.5 allows remote authenticated users to obtain sensitive information by performing a document-attachment search and then reading document properties in the search results...