45 matches found
openBI Code Issues Vulnerabilities
openBI is a big data visualization solution from openBI. A code issue vulnerability exists in openBI prior to version 1.0.8, which stems from a problem in the index function of the /application/plugins/controller/Upload.php file, which could lead to unrestricted file uploads...
Server-side Request Forgery (SSRF)
Overview magento/project-community-edition is an eCommerce Platform for Growth Community Edition Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the injection of arbitrary URLs. An attacker can read files outside the application's path boundary by forcing...
spring-boot: Security Bypass With Wildcard Pattern Matching on Cloud Foundry
A flaw was found in Spring Boot. This targets specifically 'spring-boot-actuator-autoconfigure' package. This issue occurs when an application is deployed to Cloud Foundry, which could be susceptible to a security bypass. Specifically, an application is vulnerable when all of the following are...
VulnCheck KEV: CVE-2023-35078
Ivanti Endpoint Manager Mobile EPMM, previously branded MobileIron Core contains an authentication bypass vulnerability that allows unauthenticated access to specific API paths. An attacker with access to these API paths can access personally identifiable information PII such as names,...
KiteCMS 安全漏洞
KiteCMS is a website CMS. A security vulnerability exists in KiteCMS version 1.1, which stems from an incorrect access control issue that can be exploited by a remote attacker to view sensitive information via a path in the application URL...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
CVE-2022-36889
Jenkins Deployer Framework Plugin 85.v1d1888e8c021 and earlier does not restrict the application path of the applications when configuring a deployment, allowing attackers with Item/Configure permission to upload arbitrary files from the Jenkins controller file system to the selected service...
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...
CVE-2022-24906 Error in deleting deck cards attachment reveals the full application path in Nextcloud Deck
Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud, similar to Trello. The full path of the application is exposed to unauthorized users. It is recommended that the Nextcloud Deck app is upgraded to 1.2.11, 1.4.6, or 1.5.4. There is no workaround available...
Nextcloud信息泄露漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. Nextcloud suffers from an information disclosure vulnerability that originates when the full path of an application is exposed to an unauthorized user...
CVE-2022-27127
zbzcms v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /php/ajax.php...
Unspecified vulnerability in CIPPlanner CIPAce (CNVD-2020-21813)
CIPPlanner CIPAce is a suite of business process automation and application development platforms from the US-based CIPPlanner. A security vulnerability exists in CIPPlanner CIPAce version 9.1 Build 2019092801. An attacker can exploit the vulnerability to obtain the full application path and...
CVE-2020-11591
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the full application path along with the customer name...
Code injection
DevActSvc.exe in ASUS Device Activation before 1.0.7.0 for Windows 10 notebooks and PCs could lead to unsigned code execution with no additional restrictions when a user puts an application at a particular path with a particular file name...
CVE-2019-19235
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...
Code injection
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...
CVE-2019-19235
AsLdrSrv.exe in ASUS ATK Package before V1.0.0061 for Windows 10 notebook PCs could lead to unsigned code execution with no additional execution. The user must put an application at a particular path, with a particular file name...
DLL Hijacking Vulnerability in Display Control Remote HMI
Shenzhen Xianzhong Technology is a national high-tech enterprise specializing in the research and development, production, sales and service of Industry 4.0 core products. There is a dll hijacking vulnerability in Remote HMI. Attackers can construct a malicious application placed in a specific...
dll hijacking vulnerability in Yisetron Data Security Guard
Yisetong Data Security Guard is a security product that specializes in preventing your private data assets from being illegally stolen or used by others in the process of sharing and storing. A dll hijacking vulnerability exists in Yisetone Data Safeguard. The vulnerability is due to an unsafe...
CVE-2016-5253
The Updater in Mozilla Firefox before 48.0 on Windows allows local users to write to arbitrary files via vectors involving the callback application-path parameter and a hard link...