5 matches found
SUSE CVE-2018-11091
An issue was discovered in MyBiz MyProcureNet 5.0.0. A malicious file can be uploaded to the webserver by an attacker. It is possible for an attacker to upload a script to issue operating system commands. This vulnerability occurs because an attacker is able to adjust the...
virt:rhel security update
libguestfs 1:1.38.4-10.0.1 - Config supermin to use host yum.conf in ol8 Orabug: 29319324 - Set DISTROORACLELINUX correspeonding to ol 1:1.38.4-10.1 - Fix inspection of partition-less devices resolves: rhbz1714747 libssh2 1.8.0-7.el80.1 - fix integer overflow in keyboard interactive handling that...
Microsoft Windows Multiple Vulnerabilities (KB4494440)
This host is missing a critical security update according to Microsoft KB4494440 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
Microsoft Windows Multiple Vulnerabilities (KB4499167)
This host is missing a critical security update according to Microsoft KB4499167 Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This progra...
CVE-2018-11091
CVE-2018-11091 affects MyBiz MyProcureNet 5.0.0. A malicious actor can upload a script by tampering with HiddenFieldControlCustomWhiteListedExtensions, adding an allowed extension (e.g., .asp) so files like secctest.asp are accepted. This enables arbitrary command execution on the webserver and p...