52 matches found
PT-2024-15491 · Unknown · Mandelo Ssm Shiro Blog
Name of the Vulnerable Software and Affected Versions: Mandelo ssm shiro blog version 1.0 Description: A vulnerability has been found in the file updateRoles of the component Backend, leading to improper access controls. The manipulation of this vulnerability can be used to exploit the issue...
CVE-2023-7212
A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file fileclass.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the...
Google Chromecast Security Breach
Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from a security flaw in BCB that...
CVE-2020-25096
LogRhythm Platform Manager PM 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...
Denial of Service in Online Media Asset Handling
Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...
Open-Xchange OX App Suite Backend Component Information Disclosure Vulnerability
Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in a back-end component in Open-Xchange OX App Suite. A remote attacker could exploi...
Open redirect
The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a...
CVE-2016-4056
Cross-site scripting XSS vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark...
CVE-2012-1606
Multiple cross-site scripting XSS vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2012-1606
Multiple cross-site scripting XSS vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...
CVE-2010-2643
Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer...
Design/Logic Flaw
The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue...