Lucene search

8 matches found

ATTACKERKB
added 2026/03/17 11:29 a.m. | 1 views

CVE-2025-31966

HCL Sametime is vulnerable to broken server-side validation. While the application performs client-side input checks, these are not enforced by the web server. An attacker can bypass these restrictions by sending manipulated HTTP requests directly to the server...

CVSS 2.7 | AI score 5.9 | EPSS 0.00063
Exploits: 0 | References: 2

Github Security Blog
added 2025/11/26 9:31 p.m. | 2 views

Overhang Tutor Discloses Sensitive Information due to Improper Cache-Control

An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...

CVSS 3.3 | AI score 6.6 | EPSS 0.00005
Exploits: 0 | References: 5 | Affected Software: 1

AstraLinux
added 2025/02/11 7:35 a.m. | 1 views

Astra Linux - vulnerability in openssl

Issue summary: Applications performing certificate name checks (e.g., TLS clients checking server certificates) may attempt to read an invalid memory address, resulting in abnormal termination of the application process. Impact summary: Abnormal termination of an application can cause a denial of...

CVSS 7.5 | AI score 6.9 | EPSS 0.14258
Exploits: 0 | References: 3

OSV
added 2024/09/27 11:9 a.m. | 1 views

OESA-2024-2179 openssl security update

The OpenSSL Project is a collaborative effort to develop a robust, commercial-grade, fully featured, and Open Source toolkit implementing the Secure Sockets Layer SSL v2/v3 and Transport Layer Security TLS v1 protocols as well as a full-strength general purpose cryptography library. The project i...

CVSS 7.5 | AI score 6.8 | EPSS 0.14258
Exploits: 0 | References: 2

CNNVD
added 2023/12/18 12:0 a.m. | 2 views

Gallagher Command Centre security breach

Gallagher Command Centre is a centralized control tool for Gallagher access control systems from Gallagher New Zealand. A security vulnerability exists in versions prior to Gallagher Command Center vEL8.90.1620 MR2 that stems from client-side enforcement that could be bypassed and result in inval...

CVSS 8.1 | AI score 6.7 | EPSS 0.00042
Exploits: 0 | References: 3

ATTACKERKB
added 2022/03/20 1:15 a.m. | 2 views

CVE-2022-24125

The matchmaking servers of Bandai Namco FromSoftware Dark Souls III through 2022-03-19 allow remote attackers to send arbitrary push requests to clients via a RequestSendMessageToPlayers request. For example, ability to send a push message to hundreds of thousands of machines is only restricted o...

CVSS 8.8 | AI score 5.7 | EPSS 0.0909
Exploits: 2 | References: 3

OSV
added 2022/02/16 10:15 p.m. | 1 views

CVE-2022-24984

Forms generated by JQueryForm.com before 2022-02-05 if file-upload capability is enabled allow remote unauthenticated attackers to upload executable files and achieve remote code execution. This occurs because file-extension checks occur on the client side, and because not all executable content...

CVSS 9.8 | AI score 7.4 | EPSS 0.02427
Exploits: 0 | References: 3

CNVD
added 2018/03/06 12:0 a.m. | 1 views

File Upload Vulnerability in QYKCMS Version 4.3.2

QYKCMS is a lightweight intelligent website building system based on PHP+MySql, developed by QYK. QYKCMS version 4.3.2 has a file upload vulnerability. The vulnerability stems from the server side not filtering the file content; the attacker can bypass the client-side detection of the direct...

AI score 7
Exploits: 0