14 matches found
BIT-PRESTASHOP-2023-39529 PrestaShop vulnerable to file deletion via attachment API
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds...
Code injection
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds...
CVE-2023-39529 PrestaShop vulnerable to file deletion via attachment API
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, it is possible to delete a file from the server by using the Attachments controller and the Attachments API. Version 8.1.1 contains a patch for this issue. There are no known workarounds...
SUSE CVE-2011-0869
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ...
SUSE CVE-2020-10755
An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...
openstack-cinder: Improper handling of ScaleIO backend credentials
An insecure-credentials flaw was found in openstack-cinder. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the connection_info element in all Block Storage v3 Attachments API calls containing that element...
openstack-cinder: Improper handling of ScaleIO backend credentials
An insecure-credentials flaw was found in openstack-cinder. When using openstack-cinder with the Dell EMC ScaleIO or VxFlex OS backend storage driver, credentials for the entire backend are exposed in the connection_info element in all Block Storage v3 Attachments API calls containing that element...
CVE-2019-2907
Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
Code injection
Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
CVE-2019-2907
Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
CVE-2019-2907
Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...
Oracle Web Services CVE-2019-2907 Remote Security Vulnerability
Description: Oracle Web Services is prone to a remote security vulnerability. The vulnerability can be exploited over the 'HTTP' protocol. The 'SOAP with Attachments API for Java' component is affected. This vulnerability affects the following supported versions: 12.2.1.3.0. Technologies Affected...
Ubuntu 10.04 LTS / 10.10 / 11.04 : openjdk-6, openjdk-6b18 vulnerabilities (USN-1154-1)
It was discovered that a heap overflow in the AWT FileDialog.show method could allow an attacker to cause a denial of service through an application crash or possibly execute arbitrary code. (CVE-2011-0815) It was discovered that integer overflows in the JPEGImageReader readImage function and the...
OpenJDK: unprivileged proxy settings change via SOAPConnection (SAAJ, 7013971)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 6 Update 26 and earlier allows remote untrusted Java Web Start applications and untrusted Java applets to affect confidentiality via unknown vectors related to SAAJ...