242 matches found
CVE-2023-29725
The BT21 x BTS Wallpaper app 12 for Android allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opened. By injecting...
CVE-2023-29723
The Glitter Unicorn Wallpaper app for Android 7.0 thru 8.0 allows unauthorized applications to actively request permission to insert data into the database that records information about a user's personal preferences and will be loaded into memory to be read and used when the application is opene...
ShipStation 安全漏洞
ShipStation is an e-commerce retail order carrier processing and shipping software from ShipStation. A security vulnerability exists in ShipStation version 1.1 and prior versions that stems from unchecked access to an endpoint, allowing a remote attacker to insert arbitrary information into the...
mina-sshd: Java unsafe deserialization vulnerability
A flaw was found in Apache MINA SSHD, when using Java deserialization to load a serialized java.security.PrivateKey. An attacker could benefit from unsafe deserialization by inserting unsecured data that may affect the application or server...
Oracle PeopleSoft Enterprise PeopleTools 安全漏洞
Oracle PeopleSoft Enterprise PeopleTools is Oracle's technology for providing PeopleSoft applications with the ability to stay in sync with users' needs and expectations. A security vulnerability in Oracle PeopleSoft's PeopleSoft Enterprise PeopleTools 8.60 can be exploited by an attacker to caus...
The vulnerability of the SAP BusinessObjects Business Intelligence platform lies in its ability to allow the insertion of code or data, enabling attackers to gain full access to the application.
The vulnerability of the SAP BusinessObjects Business Intelligence platform is related to the possibility of introducing code or data. Exploiting this vulnerability can allow a malicious actor to gain full access to the application...
CVE-2022-23488
BigBlueButton prior to version 2.4-rc-6 is vulnerable: the moderators-only webcam lock is not enforced on the backend, allowing an attacker to subscribe to viewers’ webcams due to the streamId being sent to all users regardless of the lock. The issue is fixed in 2.4-rc-6. A remediation is to upgr...
Design/Logic Flaw
Insertion of Sensitive Information into Temporary File vulnerability in Hitachi Infrastructure Analytics Advisor on Linux Analytics probe component, Hitachi Ops Center Analyzer on Linux Hitachi Ops Center Analyzer probe component allows local users to gain sensitive information. This issue affect...
Oracle Fusion Middleware 安全漏洞
Oracle Fusion Middleware Oracle Fusion Middleware is a set of business innovation platforms for enterprise and cloud environments from Oracle USA. The platform provides middleware, software collections, and other capabilities. A security vulnerability exists in Oracle Fusion Middleware version...
Oracle Fusion Middleware 安全漏洞
Oracle Fusion Middleware Oracle Fusion Middleware is a set of Oracle's Oracle business innovation platform for enterprise and cloud environments. The platform provides middleware, software collections, and other functionality.Forms is a component used to create forms that interact with Oracle...
Fixed in ClickHouse 22.9.1.2603, 2022-09-22
A heap buffer overflow issue was discovered in ClickHouse server. A malicious user with ability to load data into ClickHouse server could crash the ClickHouse server by inserting a malformed CapnProto object...
UBUNTU-CVE-2022-21539
Vulnerability in the MySQL Server product of Oracle MySQL component: InnoDB. Supported versions that are affected are 8.0.29 and prior. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of th...
Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code...
GHSA-WR6P-J63R-XQHV Jenkins allows Data Insertion and Execution of Code by those with Read and HTTP Access
Jenkins main before 1.482 and LTS before 1.466.2 allows remote attackers with read access and HTTP access to Jenkins master to insert data and execute arbitrary code...
Plesk Cross-Site Request Forgery Vulnerability (CNVD-2022-91163)
Plesk is a hosting control panel from the Swiss company Plesk. version 18.0.37 of Plesk is vulnerable to cross-site request forgery, which stems from the software's lack of validation of cross-site request forgery tokens. An attacker could exploit this vulnerability to insert data in the user and...
CVE-2021-45007
Plesk 18.0.37 is affected by a Cross Site Request Forgery CSRF vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
CVE-2021-45007
Summary: CVE-2021-45007 affects Plesk 18.0.37 and is a Cross-Site Request Forgery (CSRF) vulnerability caused by lack of CSRF token validation, enabling an attacker to insert data into the user and admin panels. Affected component/scope: Plesk 18.0.37; site-specific issues noted across Plesk user...
CVE-2021-45007
Plesk 18.0.37 is affected by a Cross Site Request Forgery CSRF vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
CVE-2021-45007
Plesk 18.0.37 is affected by a Cross Site Request Forgery CSRF vulnerability that allows an attacker to insert data on the user and admin panel. NOTE: the vendor states that this is only a site-specific problem on websites of one or more Plesk users...
CVE-2021-35232 Hard credentials discovered in SolarWinds Web Help Desk which allows to execute Arbitrary Hibernate Queries
Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users ...