Lucene search
K

52 matches found

Positive Technologies
Positive Technologies
added 2024/01/09 12:0 a.m.6 views

PT-2024-15491 · Unknown · Mandelo Ssm Shiro Blog

Name of the Vulnerable Software and Affected Versions: Mandelo ssm shiro blog version 1.0 Description: A vulnerability has been found in the file updateRoles of the component Backend, leading to improper access controls. The manipulation of this vulnerability can be used to exploit the issue...

7.5CVSS7AI score0.00647EPSS
Exploits1References6
OSV
OSV
added 2024/01/07 5:15 p.m.6 views

CVE-2023-7212

A vulnerability classified as critical has been found in DeDeCMS up to 5.7.112. Affected is an unknown function of the file fileclass.php of the component Backend. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the...

9.8CVSS5.2AI score0.0059EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/11 12:0 a.m.5 views

Google Chromecast Security Breach

Google Chromecast is a technology from the American company Google Google. It allows you to stream your favorite entertainment and apps from your phone, tablet or laptop directly to your TV or speakers. Google Chromecast has a security vulnerability that stems from a security flaw in BCB that...

9.8CVSS6.9AI score0.00372EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/12/17 2:3 a.m.20 views

CVE-2020-25096

LogRhythm Platform Manager PM 7.4.9 has Incorrect Access Control. Users within LogRhythm can be delegated different roles and privileges, intended to limit what data and services they can interact with. However, no access control is enforced for WebSocket-based communication to the PM application...

8.7AI score0.01012EPSS
Exploits0References1
Typo3
Typo3
added 2018/12/11 12:0 a.m.10 views

Denial of Service in Online Media Asset Handling

Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

6.6AI score
Exploits0Affected Software1
CNVD
CNVD
added 2018/06/20 12:0 a.m.4 views

Open-Xchange OX App Suite Backend Component Information Disclosure Vulnerability

Open-Xchange OX App Suite is a set of Web-based cloud desktop environments from Open-Xchange USA. The environment allows users to manage email, tasks, files, etc. more intuitively. A security vulnerability exists in a back-end component in Open-Xchange OX App Suite. A remote attacker could exploi...

6.5CVSS6AI score0.09234EPSS
Exploits4References1
Prion
Prion
added 2018/06/16 1:29 a.m.17 views

Open redirect

The backend component in Open-Xchange OX App Suite before 7.6.3-rev36, 7.8.x before 7.8.2-rev39, 7.8.3 before 7.8.3-rev44, and 7.8.4 before 7.8.4-rev22 does not properly check for folder-to-object association, which allows remote authenticated users to delete arbitrary tasks via the task id in a...

4CVSS5.4AI score0.05592EPSS
Exploits5References3Affected Software1
NVD
NVD
added 2017/01/23 9:59 p.m.17 views

CVE-2016-4056

Cross-site scripting XSS vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark...

6.1CVSS6AI score0.0108EPSS
Exploits1References3
NVD
NVD
added 2012/09/04 8:55 p.m.24 views

CVE-2012-1606

Multiple cross-site scripting XSS vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.3AI score0.01613EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2012/09/04 8:55 p.m.24 views

CVE-2012-1606

Multiple cross-site scripting XSS vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend users to inject arbitrary web script or HTML via unspecified vectors...

3.5CVSS5.9AI score0.01613EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2011/01/07 6:0 p.m.36 views

CVE-2010-2643

Integer overflow in the TFM font parser in the dvi-backend component in Evince 2.32 and earlier allows remote attackers to execute arbitrary code via a crafted font in conjunction with a DVI file that is processed by the thumbnailer...

7.6CVSS7.5AI score0.05994EPSS
Exploits0
Prion
Prion
added 2009/11/02 3:30 p.m.15 views

Design/Logic Flaw

The Backend subcomponent in TYPO3 4.0.13 and earlier, 4.1.x before 4.1.13, 4.2.x before 4.2.10, and 4.3.x before 4.3beta2 allows remote authenticated users to place arbitrary web sites in TYPO3 backend framesets via crafted parameters, related to a "frame hijacking" issue...

5.5CVSS6.4AI score0.01976EPSS
Exploits0References6Affected Software1
Rows per page
Query Builder