12 matches found
Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks
Impact: The unprocessed entities read endpoints in @backstage/plugin-catalog-backend-module-unprocessed do not enforce permission authorization checks. Any authenticated user can access unprocessed entity records regardless of ownership. This is an information disclosure vulnerability affecting...
EUVD-2008-3499
Malware in sbrugna...
Amlib NetOpacs Security Vulnerability
Amlib NetOpacs is a catalog module in a library management system from Amlib UK. A security vulnerability exists in Amlib NetOpacs that stems from an unrestricted HTTP GET parameter input length that could lead to a stack buffer overflow and control flow hijacking...
CVE-2023-40920
Prixan prixanconnect up to v1.62 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::importProducts...
CVE-2023-39642
Carts Guru cartsguru up to v2.4.2 was discovered to contain a SQL injection vulnerability via the component CartsGuruCatalogModuleFrontController::display...
@aws/aws-config-catalog-module-for-backstage (>=0.1.0 <=0.2.0), @backstage-community/backstage-plugin-catalog-backend-module-mta-entity-provider (=0.3.0) +54 more potentially affected by CVE-2023-25571 via @backstage/plugin-catalog-backend (>=0.0.0-nightly-20220708025041 <=1.5.1)
@backstage/plugin-catalog-backend NPM version =0.0.0-nightly-20220708025041, =0.1.0, =0.4.0, =1.7.4, =1.0.3, =0.0.0-nightly-20240116021644, =0.0.0-nightly-20220219022334, =0.0.0-nightly-20220308022132, =0.0.0-nightly-20220311022539, =0.0.0-nightly-20220531024457, =0.0.0-nightly-20220810023539,...
PHP-Nuke Book Catalog Module 1.0 'upload.php' Arbitrary File Upload Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/19890/info The Book Catalog module for PHP-Nuke is prone to a vulnerability that lets attackers upload arbitrary files. Exploiting this issue may allow an attacker to compromise the application and the underlying system;...
Nakid CMS 0.5.2 - Remote File Inclusion Exploit
No description provided by source. Nakid CMS 0.5.2 Remote Include Exploit Found by sh00t0ut Expl: http://victim/modules/catalog/uploadphoto.php?coresystempath=evil script...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Taxonomy Grid : Catalog module for Drupal 6.x-1.6 and earlier allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via unspecified vectors...
SQL Injection Vulnerabilities in 4site CMS
High-Tech Bridge SA Security Research Lab has discovered three vulnerabilities in 4site CMS which could be exploited to execute arbitrary SQL commands in the application's database. 1 SQL injection vulnerabilities in 4site CMS: CVE-2010-4152 1.1 The vulnerability exists due to insufficient validation ...
CVE-2008-3513
SQL injection vulnerability in the Book Catalog module 1.0 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the catid parameter in a category action to modules.php...
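PHP-Nuke Book Catalog Module Upload.PHP Arbitrary File Upload Vulnerability
PHP-Nuke Book Catalog Module is a book catalog module written in PHP. PHP-Nuke Book Catalog Module does not properly filter user-submitted data; a remote attacker can exploit this vulnerability to upload arbitrary files and have them executed by the web process. 'BookCatalog/upload.php' lacks proper filtering of user-submitted image files, so a PHP file can be submitted directly and executed with the web server's privileges. SAP Basis Community Book Catalog Module 1.0 No solution is currently available; please watch the following link: http://www.basisconsultant.com/index.php...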