613 matches found
Security fix for the ALT Linux 9 package glpi version 9.5.12-alt1
9.5.12-alt1 built March 29, 2023 Pavel Zilke in task 317348
March 18, 2023 Pavel Zilke
- New version 9.5.12
- This release fixes several security issues that have been recently discovered. Update is recommended!
- Security fixes:
  + CVE-2023-22722: XSS on browse views
  + CVE-2023-22725: XSS on...
PT-2023-16978 · WordPress · Wp Simple Shopping Cart
Name of the Vulnerable Software and Affected Versions: WP Simple Shopping Cart plugin for WordPress versions up to, and including, 4.6.3
Description: The issue allows unauthenticated attackers to view sensitive information that should be limited to administrators only. This information can includ...
CVE-2021-36401
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk...
Gmail and Google Calendar Now Support Client-Side Encryption (CSE) to Boost Data Privacy
Google has announced the general availability of client-side encryption CSE for Gmail and Calendar, months after piloting the feature in late 2022. The data privacy controls enable "even more organizations to become arbiters of their own data and the sole party deciding who has access to it,"...
CVE-2023-23610
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those the user is not allowed to access, including...
Design/Logic Flaw
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those the user is not allowed to access, including...
UBUNTU-CVE-2023-23610
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those the user is not allowed to access, including...
Vulnerability found in KeePass
A vulnerability has been found in KeePass. A malicious person could potentially exploit the vulnerability to gain access to data stored in a KeePass database. This could include usernames, passwords and email addresses. Successful misuse requires that the malicious party have access to the system...
CVE-2023-23610 glpi vulnerable to Unauthorized access to data export
GLPI is a Free Asset and IT Management Software package. Versions prior to 9.5.12 and 10.0.6 are vulnerable to Improper Privilege Management. Any user having access to the standard interface can export data of almost any GLPI item type, even those the user is not allowed to access, including...
PT-2023-9271 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.12; GLPI versions prior to 10.0.6
Description: The issue is related to improper privilege management, allowing any user with access to the standard interface to export data of almost any GLPI item type, including...
CVE-2022-38803
The CVE-2022-38803 issue affects Zkteco BioTime prior to 8.5.3 Build 20200816.447. Root cause: Incorrect Access Control allowing an authenticated user to cause cross-site scripting in the PDF export generator, enabling reading of local files when exporting data as a PDF. Impact: confidentiality o...
WP CSV Exporter < 1.3.7 - CSV Injection
The plugin does not properly escape the fields when exporting data as CSV, leading to a CSV injection vulnerability.
- create a post using =5+5 as the title
- export the data as CSV
- open the CSV with a spreadsheet application (Excel, Libre Office)
- the CSV formula gets executed...
How to use Linked Helper 2 as a LinkedIn Data Export Tool
By Owais Sultan. One of the best things about LinkedIn is that it allows you to download a CSV file with… This is a post from HackRead.com.
CVE-2022-3558
The Import and export users and customers WordPress plugin before 1.20.5 does not properly escape data when exporting it via CSV files...
CVE-2022-40294
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers...
Design/Logic Flaw
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers...
CVE-2022-40294 CSV Injection in PHP Point of Sale version 19.0, by PHP Point of Sale, LLC
The application was identified to have a CSV injection in data export functionality, allowing for malicious code to be embedded within export data and then triggered in exported data viewers...