2483 matches found
Authorization
GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow...
CVE-2020-13300
GitLab CE/EE 13.3 prior to 13.3.4 is affected by CVE-2020-13300 due to an OAuth authorization scope change without user consent during the authorization flow. This could enable unintended expansion of granted permissions during OAuth. Remediation: upgrade to GitLab 13.3.4 or later. CVSS metrics i...
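The class of bug in the entry above is an authorization server that lets the scope change between the consent screen and the issued grant. As an added illustration (not GitLab's code; ConsentStore, issue_code, redeem_code and the client ids are made up for this example), this is the shape of a server that binds the scope the user actually saw to the authorization code, so nothing later in the flow can widen it:

```python
"""Added example, not GitLab's code: the scope shown on the consent screen is
the only scope an authorization code may carry, and a token request can at
most narrow it.  Every name here is hypothetical."""
import secrets
from typing import Dict, FrozenSet, Optional, Tuple


class ConsentStore:
    def __init__(self) -> None:
        # code -> (client_id, scopes the user consented to); codes are single-use
        self._codes: Dict[str, Tuple[str, FrozenSet[str]]] = {}

    def issue_code(self, client_id: str, requested_scope: str, shown_scope: str) -> str:
        """Runs when the user clicks Authorize.  The scope rendered on the
        consent page is what gets bound to the code.  If the client's current
        /authorize request disagrees with it (for example the client re-sent
        the request with a larger scope mid-flow), refuse rather than silently
        taking the larger set."""
        requested = frozenset(requested_scope.split())
        shown = frozenset(shown_scope.split())
        if requested != shown:
            raise PermissionError("requested scope differs from the scope the user consented to")
        code = secrets.token_urlsafe(32)
        self._codes[code] = (client_id, shown)
        return code

    def redeem_code(self, code: str, client_id: str, scope: Optional[str] = None) -> FrozenSet[str]:
        """Token endpoint.  The granted scope comes from the stored consent,
        never from the token request.  A scope parameter on the token request
        may only narrow the grant (RFC 6749 section 3.3), never widen it."""
        entry = self._codes.pop(code, None)  # single use: a replayed code fails
        if entry is None or entry[0] != client_id:
            raise PermissionError("unknown code or client mismatch")
        consented = entry[1]
        if scope is None:
            return consented
        wanted = frozenset(scope.split())
        if not wanted <= consented:
            raise PermissionError("token request asks for scope beyond what was consented")
        return wanted


if __name__ == "__main__":
    store = ConsentStore()
    code = store.issue_code("app1", "read_user", "read_user")
    print(sorted(store.redeem_code(code, "app1")))
```

The check in issue_code is the one the advisory is about: the server compares the scope the user is consenting to against the scope in the live request instead of trusting the request alone.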
VTENEXT 19 CE Remote Code Execution
#!/usr/bin/python3 Exploit Title: VTENEXT 19 CE - Remote Code Execution Google Dork: n/a Date: 2020/09/09 Exploit Author: Marco Ruela Vendor Homepage: https://www.vtenext.com/en/ Software Link: Vendor removed vulnerable version from sourceforge.net Version: 19 CE Tested on: Ubuntu 16.04 CVE : N/A...
CVE-2020-12058
Several XSS vulnerabilities in osCommerce CE Phoenix before 1.0.6.0 allow an attacker to inject and execute arbitrary JavaScript code. The malicious code can be injected as follows: the page parameter to catalog/admin/orderstatus.php, catalog/admin/taxrates.php, catalog/admin/languages.php,...
CVE-2020-12058
CVE-2020-12058 affects osCommerce CE Phoenix prior to 1.0.6.0, where multiple XSS flaws allow injection/execution of arbitrary JavaScript. Vulnerable components include admin scripts such as order_status.php, tax_rates.php, languages.php, countries.php, tax_classes.php, reviews.php, zones.php, an...
Denial of Service Vulnerability in EKI-1511X-AE/ADAM-4571-CE at Advantech (China) Co.
Advantech China Co., Ltd. is a global manufacturer in the intelligent system industry. A denial of service vulnerability exists in Advantech China Co. EKI-1511X-AE/ADAM-4571-CE, which can be exploited by attackers to cause a program crash...
ce-marking.help Cross Site Scripting vulnerability OBB-1236829
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
Security Bulletin: WML CE: TensorFlow: In SQLite before 3.32.3, select.c mishandles query-flattener optimization
Summary In SQLite before 3.32.3, select.c mishandles query-flattener optimization, leading to a multiSelectOrderBy heap overflow because of misuse of transitive properties for constant propagation. TensorFlow in WML CE uses SQLite as its embedded SQL database engine. Vulnerability Details CVEID:...
CVE-2020-15052
An issue was discovered in Artica Proxy CE before 4.28.030.418. SQL Injection exists via the Netmask, Hostname, and Alias fields...
CVE-2020-15053
An issue was discovered in Artica Proxy CE before 4.28.030.418. Reflected XSS exists via these search fields: real time request, System Events, Proxy Events, Proxy Objects, and Firewall objects...
CVE-2020-15053
Artica Proxy CE (before 4.28.030.418) contains a Reflected XSS in multiple search fields (real time request, System Events, Proxy Events, Proxy Objects, Firewall objects). The issue is documented across CVE-2020-15053 entries (NVD, Red Hat, CNVD, etc.). What is affected: Artica Proxy CE
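Both the osCommerce CE Phoenix entries (a page parameter reflected into admin pages) and the Artica Proxy CE entries (search fields reflected into results) are reflected XSS of the same shape: a request parameter written back into HTML without escaping for the context it lands in. The added example below is not either project's code; render_unsafe, render_safe and the sample inputs are constructed for this illustration. It shows the raw reflection next to the escaped version, covering both the element-body context (a search term) and the attribute context (a page number in a link).

```python
"""Added example, not osCommerce's or Artica's code: a search-results fragment
rendered with raw reflection and with context-aware escaping.  Function names
and inputs are hypothetical."""
from html import escape


def render_unsafe(search_term: str, page: str) -> str:
    # Reflects the search field into the element body and the page parameter
    # into a double-quoted attribute, both untouched.
    return (
        f"<h2>Results for {search_term}</h2>\n"
        f'<a href="?page={page}">next</a>'
    )


def render_safe(search_term: str, page: str) -> str:
    # escape(quote=True) neutralises <, >, &, " and ' so the value cannot close
    # the element or the attribute it sits in.  For the page parameter we also
    # enforce the type we expect (a number) instead of relying on escaping alone.
    if not page.isdigit():
        page = "1"
    return (
        f"<h2>Results for {escape(search_term, quote=True)}</h2>\n"
        f'<a href="?page={escape(page, quote=True)}">next</a>'
    )


if __name__ == "__main__":
    # Constructed payloads: one aimed at the element body, one that breaks out
    # of the href attribute and adds an event handler.
    term = "<script>alert(1)</script>"
    page = '1" onmouseover="alert(1)'
    print(render_unsafe(term, page))
    print(render_safe(term, page))
```

The attribute case is the one that catches people: escaping only angle brackets still lets `1" onmouseover="...` close the href and add a handler, which is why the safe version escapes quotes as well and, for a value with a known shape, validates it outright.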
CVE-2020-15052
CVE-2020-15052 affects Artica Proxy CE before 4.28.030.418. The vulnerability is a SQL injection via the Netmask, Hostname, and Alias fields, stemming from insufficient validation of externally entered SQL statements in the database-backed Artica Proxy Community Edition. Connected CNVD-2020-41859...
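The entry above describes SQL injection through the Netmask, Hostname and Alias fields, that is, form values spliced into statement text. The added example below is not Artica's code; the table, rows and function names are constructed for this illustration. It puts the injectable host lookup next to the parameterised one and adds the kind of type check a netmask field should get before it reaches the database at all.

```python
"""Added example, not Artica's code: a host lookup written with string
formatting (injectable) and with a bound parameter, plus a strict validator
for the Netmask field.  Schema, rows and names are hypothetical."""
import ipaddress
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed in-memory table standing in for a hosts/aliases table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE hosts (hostname TEXT, netmask TEXT, alias TEXT)")
    conn.executemany(
        "INSERT INTO hosts VALUES (?, ?, ?)",
        [("gw", "255.255.255.0", "gateway"), ("proxy", "255.255.255.0", "cache")],
    )
    return conn


def find_host_unsafe(conn: sqlite3.Connection, hostname: str) -> list:
    # The value becomes part of the statement text, so a quote in the input
    # terminates the literal and whatever follows is parsed as SQL.
    sql = f"SELECT hostname, alias FROM hosts WHERE hostname = '{hostname}'"
    return conn.execute(sql).fetchall()


def find_host_safe(conn: sqlite3.Connection, hostname: str) -> list:
    # Bound parameter: the driver passes the value separately; it is data, not SQL.
    return conn.execute(
        "SELECT hostname, alias FROM hosts WHERE hostname = ?", (hostname,)
    ).fetchall()


def is_valid_netmask(value: str) -> bool:
    """True only for a dotted-quad whose bits are a run of ones then zeros."""
    try:
        n = int(ipaddress.IPv4Address(value))
    except (ipaddress.AddressValueError, ValueError):
        return False
    inverse = ~n & 0xFFFFFFFF
    return inverse & (inverse + 1) == 0


def add_host(conn: sqlite3.Connection, hostname: str, netmask: str, alias: str) -> None:
    # Validate the field with a known shape, then bind everything.
    if not is_valid_netmask(netmask):
        raise ValueError(f"bad netmask: {netmask!r}")
    conn.execute("INSERT INTO hosts VALUES (?, ?, ?)", (hostname, netmask, alias))


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"  # constructed tautology payload
    print(find_host_unsafe(conn, payload))  # every row
    print(find_host_safe(conn, payload))    # no row has that literal hostname
```

Parameter binding is the fix; the netmask validator is defence in depth for a field that has no business containing anything but four octets, and it rejects the injected string before any query is built.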
Security Bulletin: WML CE: Pillow before 7.1.0 has multiple out-of-bounds reads
Summary Pillow before 7.1.0 has multiple out-of-bounds reads in libImaging/FliDecode.c. PyTorch and TensorFlow use Pillow. Vulnerability Details CVEID: CVE-2020-10177 DESCRIPTION: Pillow could allow a remote attacker to obtain sensitive information, caused by multiple out-of-bounds reads in...