317 matches found

Veracode
added 2022/01/24 12:19 p.m.

Authentication Bypass

onionsharecli is vulnerable to Authentication Bypass. The vulnerability exists in the upload function in the receivemode.py file, allowing authorized users to spoof their leave event and hide the existence...

CVSS 4.3 | AI score 4 | EPSS 0.00158
Exploits 0 | References 4 | Affected software 2
HackRead
added 2021/11/29 4:42 p.m.

How To Secure Your Broadband?

By Owais Sultan. Enabling encryption on Wi-Fi access points helps keep the connection reliable by allowing only authorized people to use the broadband. Let's dig into what other options we have...

AI score 2.3
Exploits 0
OSV
added 2021/11/01 10:15 a.m.

CVE-2021-27644

In Apache DolphinScheduler versions before 1.3.6, authorized users can perform SQL injection in the data source center. Only applicable to MySQL data sources with an internal login account password...

CVSS 8.8 | AI score 7.8
Exploits 0 | References 2
Prion
added 2021/11/01 10:15 a.m.

SQL injection

In Apache DolphinScheduler versions before 1.3.6, authorized users can perform SQL injection in the data source center. Only applicable to MySQL data sources with an internal login account password...

CVSS 6 | AI score 8.9 | EPSS 0.0116
Exploits 0 | References 3 | Affected software 1
OSV
added 2021/11/01 9:15 a.m.

CVE-2021-24723

The WP Reactions Lite WordPress plugin before 1.3.6 does not properly sanitize inputs within wp-admin pages, allowing users with sufficient access to inject XSS payloads into /wp-admin/ pages...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 1
CNVD
added 2021/07/28 12:00 a.m.

IBM i2 Analyze input validation vulnerability

IBM i2 Analyze is an integrated set of security services and stores from IBM (USA) that provides authorized users with search, analysis and storage of intelligence data. A security vulnerability exists in IBM i2 Analyze that allows authenticated users to perform unauthorized actions due to dangerou...

CVSS 6.5 | AI score 3.9 | EPSS 0.00133
Exploits 0 | References 1
NVD
added 2021/07/07 2:15 p.m.

CVE-2020-24146

Directory traversal in the CM Download Manager (cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files, and possibly cause a denial of service, via the fileName parameter in a deletescreenshot action...

CVSS 8.1 | EPSS 0.00765
Exploits 0 | References 2
NCSC
added 2021/04/15 12:00 a.m.

Vulnerability fixed in Mendix

The latest updates to Mendix fix a vulnerability that allows malicious authorized users to increase their privileges. As a mitigation for non-administrator users, remove the authority to manage user roles from non-administrator roles...

CVSS 8.8 | AI score 6.6 | EPSS 0.00337
Exploits 0
NVD
added 2021/04/13 7:15 p.m.

CVE-2021-27602

The SAP Commerce Backoffice application, versions 1808, 1811, 1905, 2005 and 2011, allows certain authorized users to create source rules which are translated into Drools rules when published to certain modules within the application. An attacker with this authorization can inject malicious code in the...

CVSS 9.9 | EPSS 0.01848
Exploits 0 | References 2
Prion
added 2021/04/13 7:15 p.m.

Remote code execution

The SAP Commerce Backoffice application, versions 1808, 1811, 1905, 2005 and 2011, allows certain authorized users to create source rules which are translated into Drools rules when published to certain modules within the application. An attacker with this authorization can inject malicious code in the...

CVSS 6.5 | AI score 9.5 | EPSS 0.01848
Exploits 0 | References 2 | Affected software 1
CNNVD
added 2021/04/13 12:00 a.m.

SAP Commerce code injection vulnerability

SAP Commerce is a cloud-based e-commerce platform from SAP (Germany). The product supports sales management, marketing management, order management and operations management. A security vulnerability exists in SAP Commerce 1808, 1811, 1905, 2005 and 2011 which allows certain authorized user...

CVSS 9.9 | AI score 7.8 | EPSS 0.01848
Exploits 0 | References 4
CNNVD
added 2021/03/01 12:00 a.m.

MongoDB security vulnerability

MongoDB Server is an open source NoSQL database from MongoDB (USA). The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. A denial of service vulnerability exists in MongoDB Server, which originates...

CVSS 6.5 | AI score 5.8 | EPSS 0.00441
Exploits 0 | References 3
OSV
added 2021/02/26 5:15 p.m.

CVE-2021-21297

Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object, with the potential to affect the default...

CVSS 6.5 | AI score 6.4
Exploits 0 | References 4
Prion
added 2021/02/26 5:15 p.m.

Design/Logic Flaw

Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object, with the potential to affect the default...

CVSS 4 | AI score 6.4 | EPSS 0.0023
Exploits 0 | References 4 | Affected software 1
Cvelist
added 2021/02/26 4:20 p.m.

CVE-2021-21297 Prototype Pollution in Node-Red

Node-RED is a low-code programming tool for event-driven applications built using Node.js. Node-RED 1.2.7 and earlier contains a Prototype Pollution vulnerability in the admin API. A badly formed request can modify the prototype of the default JavaScript Object, with the potential to affect the default...

CVSS 7.7 | AI score 7.7 | EPSS 0.0023
Exploits 0 | References 4
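The three CVE-2021-21297 entries above describe one mechanism: a request body whose keys are merged into a server-side object can reach Object.prototype through a key named `__proto__`. The following is an added illustration, not Node-RED's code: a recursive merge helper in the vulnerable shape beside a hardened one that refuses prototype-reaching keys. The defaults object, the request body and all function names are constructed for this example.

```javascript
// Added example (not Node-RED's code): prototype pollution through a recursive
// merge of an untrusted request body, and the fix. All names are illustrative.

// Vulnerable shape: every key in the body is written into the target, so a
// "__proto__" key walks up to Object.prototype and writes there.
function mergeUnsafe(target, source) {
  for (const key of Object.keys(source)) {
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      if (!target[key] || typeof target[key] !== 'object') target[key] = {};
      mergeUnsafe(target[key], value);          // target["__proto__"] is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Hardened: refuse the keys that can reach a prototype, and only recurse into
// properties the target itself owns.
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function mergeSafe(target, source) {
  for (const key of Object.keys(source)) {
    if (FORBIDDEN_KEYS.has(key)) continue;       // drop silently, or reject the whole request
    const value = source[key];
    if (value && typeof value === 'object' && !Array.isArray(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || typeof target[key] !== 'object' || target[key] === null) target[key] = {};
      mergeSafe(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed attacker body: JSON.parse produces an *own* property named
// "__proto__" (it does not set the prototype), which Object.keys() returns.
function attackerBody() {
  return JSON.parse('{"theme":"dark","__proto__":{"isAdmin":true}}');
}

// Merge the body into fresh defaults with the given merge function, then ask
// an unrelated object whether it now carries the attacker's property.
function run(merge) {
  const defaults = { theme: 'light' };
  const settings = merge(defaults, attackerBody());
  const leakedToAllObjects = ({}).isAdmin === true;
  delete Object.prototype.isAdmin;               // undo pollution so later code is unaffected
  return { theme: settings.theme, leakedToAllObjects };
}

console.log('unsafe:', run(mergeUnsafe));  // { theme: 'dark', leakedToAllObjects: true }
console.log('safe:  ', run(mergeSafe));    // { theme: 'dark', leakedToAllObjects: false }
```

Rejecting the three keys is the minimal fix; merging into a null-prototype target (`Object.create(null)`) or freezing `Object.prototype` at startup are complementary defences that limit the blast radius if another merge path is missed.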
RedHat Linux
added 2021/02/17 7:06 p.m.

jenkins: Improper handling of REST API XML deserialization errors

A flaw was found in Jenkins. An attacker with permission to create or configure various objects can inject crafted content into Old Data Monitor, causing the instantiation of potentially unsafe objects once discarded by an administrator. The highest threat from this vulnerability is to data...

CVSS 8 | AI score 5.8 | EPSS 0.00761
Exploits 0 | References 4
Prion
added 2021/02/08 3:15 p.m.

Information disclosure

IBM Cloud Pak for Automation 20.0.3 and 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. This information could be obtained by a user with permission to read log files. IBM X-Force ID: 194965...

CVSS 4 | AI score 5.9 | EPSS 0.00066
Exploits 0 | References 2 | Affected software 1
OSV
added 2020/12/09 5:15 p.m.

CVE-2020-26828

SAP Disclosure Management, version 10.1, provides capabilities for authorized users to upload and download content of specific file types. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload script on the target...

CVSS 6.4 | AI score 7.4
Exploits 0 | References 2
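The SAP Disclosure Management entry above describes formula injection: cell contents that a spreadsheet evaluates when the downloaded file is opened. As an added example, not SAP's code, the helper below neutralises formula-triggering cells before they are written to a CSV export. The trigger list follows the usual CSV-injection guidance, and the sample row is constructed for illustration.

```javascript
// Added example (not SAP's code): neutralise spreadsheet formula injection in
// an export. Trigger characters follow the usual CSV-injection list; the
// sample cells are constructed.

// Characters that make Excel/LibreOffice/Sheets treat a cell as a formula.
const FORMULA_TRIGGERS = new Set(['=', '+', '-', '@', '\t', '\r']);

// Prefix a leading apostrophe so the cell is stored as text. Also catches a
// trigger hidden behind leading spaces, which some applications strip.
function neutralizeCell(value) {
  const s = String(value);
  if (s.length === 0) return s;
  const first = s[0];
  const firstVisible = s.trimStart()[0] || '';
  if (FORMULA_TRIGGERS.has(first) || FORMULA_TRIGGERS.has(firstVisible)) return "'" + s;
  return s;
}

// RFC 4180 quoting on top of neutralisation, so embedded quotes, commas and
// line breaks cannot split or merge cells either.
function csvEscape(value) {
  const v = neutralizeCell(value);
  return /[",\r\n]/.test(v) ? '"' + v.replace(/"/g, '""') + '"' : v;
}

function toCsvRow(fields) {
  return fields.map(csvEscape).join(',');
}

// Constructed export row: a benign name, a DDE-style payload of the kind that
// launches an external program when opened in Excel, and a value that merely
// starts with a minus sign.
const sampleRow = ['Quarterly report', "=cmd|' /C calc'!A0", '-10% vs last year'];
console.log(toCsvRow(sampleRow));
```

Pass only free-text columns through this helper: a genuine numeric column should be emitted as a number by the export library, since a leading minus sign is otherwise turned into a text cell. The apostrophe is stored with the cell and is visible in some viewers, which is the accepted trade-off for an export that cannot execute anything.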
Cvelist
added 2020/12/01 8:30 p.m.

CVE-2020-26250 Base class whitelist configuration ignored in OAuthenticator

OAuthenticator is an OAuth login mechanism for JupyterHub. In oauthenticator from version 0.12.0 and before 0.12.2, the Authenticator.whitelist configuration (deprecated in JupyterHub 1.2), which should be transparently mapped to Authenticator.allowed_users with a warning, is instead ignored by...

CVSS 6.3 | AI score 6.3 | EPSS 0.0041
Exploits 0 | References 4
CNNVD
added 2020/11/23 12:00 a.m.

MongoDB Server input validation error vulnerability

MongoDB Server is an open source NoSQL database from MongoDB (USA). The database provides collection-oriented storage, dynamic queries, data replication, automatic failover and other functions. A security vulnerability exists in MongoDB Server that originates from the...

CVSS 6.5 | AI score 6.7 | EPSS 0.00426
Exploits 0 | References 3