44 matches found
CVE-2022-21861
Task Flow Data Engine Elevation of Privilege Vulnerability...
CVE-2022-21861
Task Flow Data Engine Elevation of Privilege Vulnerability...
CVE-2022-21861
Task Flow Data Engine Elevation of Privilege Vulnerability...
Privilege escalation
Task Flow Data Engine Elevation of Privilege Vulnerability...
CVE-2022-21861 Task Flow Data Engine Elevation of Privilege Vulnerability
...
CVE-2022-21861
Technical details about CVE-2022-21861 are not provided in the connected documents; publicly available content in the initial entry is limited to a high-level description and scores. Monitor for updates.
Task Flow Data Engine Elevation of Privilege Vulnerability
...
Microsoft Windows权限许可和访问控制问题漏洞
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A vulnerability exists in Microsoft Windows Task Flow Data Engine with privilege permission and access control issues. The following products and editions are affected: Windows 10 Version...
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...
Design/Logic Flaw
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...
CVE-2021-29052
The Data Engine module in Liferay Portal 7.3.0 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 does not check permissions in DataDefinitionResourceImpl.getSiteDataDefinitionByContentTypeByDataDefinitionKey, which allows remote authenticated users to view DDMStructures via GET API calls...
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect IBM Initiate Master Data Service (CVE-2015-4872, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 6 that is used by IBM Initiate Master Data Service. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as “SLOTH”. Vulnerabilit...
Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_showcolv Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2038/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...
Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_displayparamstmt Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2030/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...
Microsoft SQL Server 7.0/2000,Data Engine 1.0/2000 xp_peekqueue Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2040/info The API Srvparaminfo, which is implemented by Extended Stored Procedures XPs in Microsoft SQL Server and Data Engine, is susceptible to a buffer overflow vulnerability which may cause the application to fail or...
CVE-2002-2118
Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remote attackers to cause a denial of service via a long URL...
CVE-2002-2118
CVE-2002-2118 affects Blue World Lasso Web Data Engine 3.6.5. A buffer overflow in the URL handling allows remote attackers to trigger a denial of service. The available description confirms a network-facing vector via a long URL, with impact limited to DoS; no additional exploit details, affecte...
CVE-2000-1209
The "sa" account is installed with a default null password on 1 Microsoft SQL Server 2000, 2 SQL Server 7.0, and 3 Data Engine MSDE 1.0, including third party packages that use these products such as 4 Tumbleweed Secure Mail MMS 5 Compaq Insight Manager, and 6 Visio 2000, which allows remote...
CVE-2000-1209
The CVE-2000-1209 issue affects Microsoft SQL Server 2000, SQL Server 7.0, and Data Engine (MSDE) 1.0 where the sa account is installed with a default null password. This enables remote attackers to gain privileges and was exploited by worms such as Voyager Alpha Force and Spida, with third-party...