112 matches found
GHSA-HCR7-CQWC-Q5GQ Apache Superset server arbitrary file read
Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile enabled. If both the MariaDB server (off by default) and the local mysql client on the web server are set to allow for local infile, it's possible for the...
RHEL 6 : openstack-glance (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - openstack-glance: API v1 copyfrom reveals network details CVE-2017-7200 - A vulnerability was found in...
GHSA-CJCC-P67M-7QXM Unsafe Reflection in base Component class in yiisoft/yii2
Yii2 supports attaching Behaviors to Components by setting properties having the format 'as '. Internally this is done using the __set magic method. If the value passed to this method is not an instance of the Behavior class, a new object is instantiated using Yii::createObject($value). However, ther...
Laravel Hijacked authentication cookies vulnerability
Laravel 4.1.26 introduces security improvements for "remember me" cookies. Before this update, if a remember cookie was hijacked by another malicious user, the cookie would remain valid for a long period of time, even after the true owner of the account reset their password, logged out, etc. This...
CVE-2024-23995
Cross Site Scripting (XSS) in Beekeeper Studio 4.1.13 and earlier allows remote attackers to execute arbitrary code via the column name of a database table in tabulator-popup-container...
CVE-2024-23995
Beekeeper Studio is affected by CVE-2024-23995: an XSS flaw in the tabulator-popup-container allows remote attackers to execute arbitrary code via the column name of a database table. Affected versions are 4.1.13 and earlier. Multiple connected sources (Red Hat CVE entry and associated exploit/po...
BIT-TYPO3-2022-31046
TYPO3 is an open source web content management system. Prior to versions 7.6.57 ELTS, 8.7.47 ELTS, 9.5.34 ELTS, 10.4.29, and 11.5.11, the export functionality fails to limit the result set to allowed columns of a particular database table. This way, authenticated users can export internal details...
BIT-LIFERAY-2023-33945
SQL injection vulnerability in the upgrade process for SQL Server in Liferay Portal 7.3.1 through 7.4.3.17, and Liferay DXP 7.3 before update 6, and 7.4 before update 18 allows attackers to execute arbitrary SQL commands via the name of a database table's primary key index. This vulnerability is...
SAP NetWeaver AS ABAP Information Disclosure (3392547)
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
CVE-2023-49581
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
CVE-2023-49581 SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase...
CVE-2023-49581
CVE-2023-49581 affects SAP GUI for Windows and SAP GUI for Java. An unauthenticated attacker can access information that should be restricted and can also write data to a database table, potentially increasing response times of the AS ABAP and causing mild availability impact. Public details acro...
Improper Access Control
dolibarr/dolibarr is vulnerable to Improper Access Control. The vulnerability is a result of the library's failure to adequately validate user input data. This allows an attacker to read a database table containing sensitive customer data...
Dolibarr Improper Input Validation vulnerability
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...
GHSA-48V2-596X-4JR9 Dolibarr Improper Input Validation vulnerability
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...
CVE-2023-4198
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...
CVE-2023-4198 Dolibarr ERP CRM (<= 17.0.3) Improper Access Control
Improper Access Control in Dolibarr ERP CRM <= v17.0.3 allows an unauthorized authenticated user to read a database table containing customer data...