6023 matches found

CNNVD
added 2022/03/14 12:0 a.m., 3 views

IBM Big SQL Buffer Error Vulnerability

IBM Big SQL is an enterprise-class, ANSI-compliant, hybrid SQL-on-Hadoop engine from IBM USA that provides massively parallel processing (MPP) and advanced data querying. A buffer error vulnerability exists in IBM Big SQL that allows an authenticated user with appropriate privileges to obtain...

7.1 CVSS, 7.5 AI score, 0.01109 EPSS
Exploits 0, References 8

CNNVD
added 2022/03/14 12:0 a.m., 2 views

IBM Cloud Pak for Data Security Vulnerability

IBM Big SQL is an enterprise-class, ANSI-compliant hybrid SQL-on-Hadoop engine from IBM that provides massively parallel processing (MPP) and advanced data querying. IBM Big SQL contains a security vulnerability that could be exploited to allow an authenticated user with appropriate privileges to...

6.5 CVSS, 5.8 AI score, 0.00864 EPSS
Exploits 0, References 3

IBM Security Bulletins
added 2022/03/11 8:2 p.m., 17 views

Security Bulletin: Data masking rules are not enforced when CREATE TABLE AS SELECT statement is executed in IBM Big SQL

Summary: A software defect in IBM Big SQL prevents data masking rules from being enforced when a user executes a CREATE TABLE AS SELECT … WITH DATA statement. The newly created table contains unmasked data. Vulnerability Details: CVEID: CVE-2022-22353 DESCRIPTION: IBM Big SQL could allow an authenticated...

6.5 CVSS, 6.2 AI score, 0.00864 EPSS
Exploits 0, Affected Software 1

CNVD
added 2022/03/11 12:0 a.m., 26 views

Shopware Licensing Issue Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware suffers from an authorization issue vulnerability that stems from incorrect API routing checks. An attacker could exploit this vulnerability to modify customers and create orders without application...

7.5 CVSS, 4.5 AI score, 0.00729 EPSS
Exploits 0, References 1

Github Security Blog
added 2022/03/10 6:2 p.m., 39 views

Incorrect Authentication in shopware

Impact: Modify Customers, create Orders without App Permission. Patches: We recommend updating to the current version 6.4.8.2. You can get the update to 6.4.8.2 regularly via the Auto-Updater or directly via the download overview. https://www.shopware.com/en/download/shopware-6 Workarounds: For older...

7.5 CVSS, 2.4 AI score, 0.00729 EPSS
Exploits 0, References 5, Affected Software 1

Veracode
added 2022/03/10 3:50 a.m., 26 views

Privilege Escalation

shopware/core is vulnerable to Privilege Escalation. The vulnerability exists due to lack of validate API library which allows an attacker to modify customers and create orders without permission...

7.5 CVSS, 7.4 AI score, 0.00729 EPSS
Exploits 0, References 4, Affected Software 3

CNNVD
added 2022/03/09 12:0 a.m., 2 views

Shopware Authorization Issue Vulnerability

Shopware is a suite of open source e-commerce software from the German company Shopware. Shopware suffers from an authorization issue vulnerability that stems from incorrect API routing checks. An attacker could exploit this vulnerability to modify customers and create orders without application...

7.5 CVSS, 5.7 AI score, 0.00729 EPSS
Exploits 0, References 3

Openbugbounty
added 2022/03/03 12:18 a.m., 12 views

leroy-warnt.de Improper Access Control vulnerability OBB-2394514

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

0.1 AI score
Exploits 0

ATTACKERKB
added 2022/03/03 12:15 a.m., 4 views

CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

8.8 CVSS, 7.9 AI score, 0.45434 EPSS
Exploits 6, References 3

NVD
added 2022/03/03 12:15 a.m., 10 views

CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

8.8 CVSS, 0.45434 EPSS
Exploits 6, References 2

OSV
added 2022/03/03 12:15 a.m., 1 views

DEBIAN-CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

8.8 CVSS, 8.8 AI score, 0.45434 EPSS
Exploits 6, References 1

Prion
added 2022/03/03 12:15 a.m., 12 views

Remote code execution

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

6.5 CVSS, 8.9 AI score, 0.45434 EPSS
Exploits 6, References 2, Affected Software 1

UbuntuCve
added 2022/03/03 12:15 a.m., 27 views

CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

8.8 CVSS, 7.8 AI score, 0.45434 EPSS
Exploits 6, References 3

OSV
added 2022/03/03 12:15 a.m., 1 views

UBUNTU-CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

8.8 CVSS, 7.8 AI score, 0.45434 EPSS
Exploits 6, References 4

Cvelist
added 2022/03/02 11:49 p.m., 35 views

CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

9.2 AI score, 0.45434 EPSS
Exploits 6, References 2

CVE
added 2022/03/02 11:49 p.m., 121 views

CVE-2022-22909

HotelDruid v3.0.3 is affected by a remote code execution (RCE) vulnerability that can be triggered by inserting a crafted payload into the name field in the Create New Room module. The underlying issue arises from room names being stored in /var/www/html/hoteldruid/dati/selectappartamenti.php, a ...

8.8 CVSS, 8.8 AI score, 0.45434 EPSS
Exploits 6, References 2, Affected Software 1

Debian CVE
added 2022/03/02 11:49 p.m., 37 views

CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

8.8 CVSS, 8.9 AI score, 0.45434 EPSS
Exploits 6

IBM Security Bulletins
added 2022/02/28 1:27 p.m., 20 views

Security Bulletin: Oracle Database Server Vulnerability Affects IBM Emptoris Program Management (CVE-2021-35557)

Summary: IBM Emptoris Program Management supports Oracle database server as a backend database. The remediated version of Oracle database server has been certified by IBM Emptoris Program Management. Vulnerability Details: CVEID: CVE-2021-35557 DESCRIPTION: An unspecified vulnerability in Oracle...

4.3 CVSS, 4.6 AI score, 0.00813 EPSS
Exploits 0, Affected Software 1

Patchstack
added 2022/02/28 12:0 a.m., 11 views

WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin < 1.1.9 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin versions 1.1.9. Solution: Update the WordPress Bulk Edit Events – Create Events in a Bulk Editor plugin to the latest available version at least...

3.5 AI score
Exploits 0, References 2, Affected Software 1

Patchstack
added 2022/02/28 12:0 a.m., 14 views

WordPress Caxton – Create Pro page layouts in Gutenberg plugin < 1.30.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Caxton – Create Pro page layouts in Gutenberg plugin versions 1.30.0. Solution: Update the WordPress Caxton – Create Pro page layouts in Gutenberg plugin to the latest available version at least 1.30.0...

2.2 AI score
Exploits 0, References 2, Affected Software 1