6036 matches found

Prion
added 2023/12/13 2:15 p.m. · 16 views

Cross site request forgery (csrf)

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...

CVSS 6.8 · AI score 7.9 · EPSS 0.00392
Exploits 1 · References 2 · Affected Software 1
PyPA
added 2023/12/13 9:15 a.m. · 10 views

PYSEC-2023-293

An authentication bypass vulnerability has been found in Repox, which allows a remote user to send a specially crafted POST request, due to the lack of any authentication method, resulting in the alteration or creation of users...

CVSS 9.4 · AI score 7.2 · EPSS 0.00855
Exploits 0 · References 1 · Affected Software 1
RedHat Linux
added 2023/12/13 8:06 a.m. · 1 views

postgresql: extension script @substitutions@ within quoting allow SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 8.8 · AI score 7.8 · EPSS 0.01572
Exploits 0 · References 5
RedHat Linux
added 2023/12/13 8:06 a.m. · 4 views

postgresql: row security policies disregard user ID changes after inlining.

A flaw was found in PostgreSQL, which could permit incorrect policies being applied in certain cases where role-specific policies are used and a given query is planned under one role and executed under other roles. This scenario can happen under security definer functions, or when a common user a...

CVSS 5.4 · AI score 7.3 · EPSS 0.00694
Exploits 0 · References 5
CNNVD
added 2023/12/13 12:00 a.m. · 2 views

Arduino Cross-Site Scripting Vulnerability

Arduino is a microcontroller board from the Arduino project. A cross-site scripting vulnerability exists in Arduino Create Agent versions prior to 1.3.6, which stems from its susceptibility to reflected cross-site scripting attacks that allow an attacker to execute arbitrary code on the browser clien...

CVSS 6.3 · AI score 6.8 · EPSS 0.0026
Exploits 0 · References 3
Positive Technologies
added 2023/12/13 12:00 a.m. · 3 views

PT-2023-7606 · Websoft · Websoft Hcm

Name of the Vulnerable Software and Affected Versions: Websoft HCM, affected versions not specified
Description: The issue is related to improper access control in the Websoft HCM system, which can be exploited by a remote attacker to create a new user in the system.
Recommendations: At the moment...

CVSS 7.8 · AI score 7
Exploits 0 · References 1
CVE
added 2023/12/13 12:00 a.m. · 31 views

CVE-2023-47326

CVE-2023-47326 : Silverpeas Core 6.3.1 is affected by a Cross Site Request Forgery (CSRF) in the Domain SQL Create function. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) indicates high impact to confidentiality, integrity, and availability. The connected advisories identify the vulne...

CVSS 8.8 · AI score 9 · EPSS 0.00392
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/12/13 12:00 a.m. · 6 views

PT-2023-30419 · Unknown · Silverpeas Core

Name of the Vulnerable Software and Affected Versions: Silverpeas Core version 6.3.1
Description: The issue is related to Cross Site Request Forgery (CSRF) via the Domain SQL Create function. This means that an attacker could potentially trick a user into performing unintended actions on the...

CVSS 8.8 · AI score 8.8 · EPSS 0.00392
Exploits 1 · References 10
CVE
added 2023/12/13 12:00 a.m. · 38 views

CVE-2023-47327

The CVE-2023-47327 entry describes a broken access control in Silverpeas Core 6.3.1, where the "Create a Space" feature is reserved for administrators but can be triggered by any authenticated user by navigating to a specific URL. This permits unauthorized space creation, as documented across Red Ha...

CVSS 4.3 · AI score 4.4 · EPSS 0.00524
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2023/12/13 12:00 a.m. · 5 views

PT-2023-36078 · Repox · Repox

Name of the Vulnerable Software and Affected Versions: Repox, affected versions not specified
Description: An authentication bypass issue has been found, allowing a remote user to send a specially crafted POST request to alter or create users due to the lack of any authentication method...

CVSS 7.5 · AI score 7.4
Exploits 0 · References 2
CNNVD
added 2023/12/13 12:00 a.m. · 3 views

Repox Security Vulnerability

Repox is a framework for managing data spaces from Repox, Inc. A security vulnerability exists in Repox 2.3.7 and earlier versions that stems from the presence of an authentication bypass vulnerability. An attacker can exploit the vulnerability by sending a crafted POST request to change or creat...

CVSS 9.4 · AI score 6.9 · EPSS 0.00855
Exploits 0 · References 2
Cvelist
added 2023/12/13 12:00 a.m. · 17 views

CVE-2023-47326

Silverpeas Core 6.3.1 is vulnerable to Cross Site Request Forgery (CSRF) via the Domain SQL Create function...

AI score 9.3 · EPSS 0.00392
Exploits 1 · References 2
Openbugbounty
added 2023/12/12 12:10 p.m. · 5 views

dashboard.createappasia.com Cross Site Scripting vulnerability OBB-3811181

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits 0
ATTACKERKB
added 2023/12/12 7:15 a.m. · 4 views

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

CVSS 8.8 · AI score 5.7 · EPSS 0.00772
Exploits 0 · References 2
OSV
added 2023/12/12 7:15 a.m. · 5 views

CVE-2023-41118

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It may allow an authenticated user to bypass authorization requirements and access underlying implementation functions. Wh...

CVSS 8.8 · AI score 5.8 · EPSS 0.00772
Exploits 0 · References 1
OSV
added 2023/12/12 7:15 a.m. · 4 views

CVE-2023-41113

An issue was discovered in EnterpriseDB Postgres Advanced Server (EPAS) before 11.21.32, 12.x before 12.16.20, 13.x before 13.12.16, 14.x before 14.9.0, and 15.x before 15.4.0. It allows an authenticated user to obtain information about whether certain files exist on disk, what errors if any occ...

CVSS 4.3 · AI score 5.8 · EPSS 0.00474
Exploits 0 · References 1
Positive Technologies
added 2023/12/12 12:00 a.m. · 4 views

PT-2023-27801 · Enterprisedb · Enterprisedb Postgres Advanced Server

Name of the Vulnerable Software and Affected Versions:
EnterpriseDB Postgres Advanced Server (EPAS) versions prior to 11.21.32
EnterpriseDB Postgres Advanced Server (EPAS) versions 12.x prior to 12.16.20
EnterpriseDB Postgres Advanced Server (EPAS) versions 13.x prior to 13.12.16
EnterpriseDB Postgres...

CVSS 8.8 · AI score 8.6 · EPSS 0.00772
Exploits 0 · References 3
RedHat Linux
added 2023/12/11 9:59 a.m. · 2 views

postgresql: extension script @substitutions@ within quoting allow SQL injection

IN THE EXTENSION SCRIPT, a SQL Injection vulnerability was found in PostgreSQL if it uses @extowner@, @extschema@, or @extschema:...@ inside a quoting construct (dollar quoting, '', or ""). If an administrator has installed files of a vulnerable, trusted, non-bundled extension, an attacker with...

CVSS 8.8 · AI score 7.8 · EPSS 0.01572
Exploits 0 · References 5
BDU FSTEC
added 2023/12/11 12:00 a.m. · 3 views

The vulnerability of the `createPendingIntent` function in the CredentialManagerUi.java file in the Android operating system, which allows a hacker to disclose protected information

The vulnerability of the `createPendingIntent` function in the CredentialManagerUi.java file of the Android operating system is related to the lack of protection for service data. Exploiting this vulnerability could allow a perpetrator to disclose protected information...

CVSS 5.5 · AI score 5.9 · EPSS 0.02281
Exploits 0 · References 4 · Affected Software 1