CVE-2022-0825

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...

CVE-2022-0825 Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The Amelia WordPress plugin before 1.0.49 does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...

WordPress Amelia plugin information leakage vulnerability

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language. The platform supports the hosting of personal blog sites on PHP and MySQL servers. WordPress plugin is a WordPress open source application plugin. WordPress Amelia plugin versions prior to 1.0.47...

Information disclosure

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...

CVE-2022-0720 Amelia < 1.0.47 - Customer+ Arbitrary Appointments Update and Sensitive Data Disclosure

The Amelia WordPress plugin before 1.0.47 does not have proper authorisation when managing appointments, allowing any customer to update other's booking, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it...

Amelia < 1.0.49 - Customer+ Arbitrary Appointments Status Update

The plugin does not have proper authorisation when managing appointments, allowing any customer to update other's booking status, as well as retrieve sensitive information about the bookings, such as the full name and phone number of the person who booked it. 1. Make a booking to become customer ...

WordPress Amelia plugin <= 1.0.48 - Arbitrary Appointments Status Update vulnerability

Arbitrary Appointments Status Update vulnerability discovered by Huli from Cymetrics in WordPress Amelia plugin versions = 1.0.48. Solution Update the WordPress Amelia plugin to the latest available version at least 1.0.49...

Information Disclosure

alextselegidis/easyappointments is vulnerable to information disclosure. Remote unauthenticated attackers are able to gain access to private information such as name, email, phone, address, hashed password for all the customers with active appointments in the system. Using...

Easy!Appointments 安全漏洞

Easy!Appointments is a web-based appointment and schedule management system. There is a security vulnerability in Easy!Appointments, no information about the vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...

WordPress Amelia plugin <= 1.0.46 - Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability

Arbitrary Appointments Update and Sensitive Data Disclosure vulnerability discovered by Huli Cymetrics in WordPress Amelia plugin versions = 1.0.46. Solution Update the WordPress Amelia plugin to the latest available version at least 1.0.47...

CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...

CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...

CVE-2022-22107

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...

CVE-2022-22107 DayByDay CRM - Missing Authorization when Viewing Appointments

In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker that has the lowest privileges account employee type user, can view the appointments of all users in the system including administrators. However, this type of user is not authorized to view the...

CVE-2021-36091

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

CVE-2021-36091

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

CVE-2021-36091 Unautorized access to the calendar appointments

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

CVE-2021-36091

Agents are able to list appointments in the calendars without required permissions. This issue affects: OTRS AG OTRS Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x versions prior to 7.0.27...

Healthcare service faces test of willpower with Ransomware authors

Healthcare and ransomware are in the news in a big way. Data leaks are inevitable, but those are typically associated with accidents by the general public. Possibly the most malicious type of data spillage is when people compromising said data decide to do the spilling. It’s one thing to...

Bad Bot Traffic Breaks Records in 2020

Bad bots have long been a major illness plaguing the internet. As internet traffic reached new heights throughout the global pandemic, unfortunately so did bot traffic. In 2020, 40.8 percent of internet traffic wasn’t human, and 25.6 percent originated from bad bots. What have these bad bots been...