8 matches found
CVE-2026-30927
Admidio is an open-source user management solution. Prior to 5.0.6, in modules/events/eventsfunction.php, the event participation logic allows any user who can participate in an event to register OTHER users by manipulating the useruuid GET parameter. The condition uses || OR, meaning if...
Request Tracker -- information exposure vulnerability
Request Tracker reports: CVE-2024-3262 describes previously viewed pages being stored in the browser cache, which is the typical default behavior of most browsers to enable the "back" button. Someone who gains access to a host computer could potentially view ticket data using the back button, eve...
PT-2022-16577 · Mongodb · Mongodb Server +1
Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to and including v5.0.6 Description: An authenticated user may trigger an invariant assertion during command dispatch due to incorrect validation on the $external database. This may result in mongod denial of...
Oracle Linux 7 : kernel (ELSA-2020-5023)
The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5023 advisory. - net bluetooth: l2cap: Fix calling skfilter on non-socket based channel Gopal Tiwari 1888253 CVE-2020-12351 - net bluetooth: a2mp: Fix not initializin...
Linux kernel fs/proc/proc_sysctl.c file null pointer dereference vulnerability
The Linux kernel is a computer operating system kernel written in C and assembly language, compliant with the POSIX standard, and distributed under the GNU General Public License. A null pointer dereference vulnerability exists in the 'dropsysctltable' in the fs/proc/procsysctl.c file in Linux...
UBUNTU-CVE-2013-2089
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data...
CVE-2013-2045
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...
UBUNTU-CVE-2011-0221
WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2011-07-20-1...