5 matches found
CVE-2022-0709
The Booking Package WordPress plugin before 1.5.29 requires a token for exporting the iCal representation of its booking calendar, but this token is returned in the JSON response to unauthenticated users performing a booking, leading to a sensitive data disclosure vulnerability...
The vulnerability of the br.com.anteros.dbcp.AnterosDBCPDataSource component in the FasterXML jackson-databind library allows an attacker to compromise data integrity, gain access to confidential data, and cause service interruptions.
The vulnerability of the br.com.anteros.dbcp.AnterosDBCPDataSource component from the FasterXML library, within the jackson-databind library, is related to errors in code generation management. Exploiting this vulnerability may allow an attacker to compromise data integrity, gain access to...
GHSA-XMVG-W4F9-99R7 XML External Entity (XXE) vulnerability in bw-calendar-engine
bw-calendar-engine version = bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Man in the Middle or malicious...
CVE-2018-1000836
bw-calendar-engine version = bw-calendar-engine-3.12.0 contains an XML External Entity (XXE) vulnerability in IscheduleClient XML Parser that can result in disclosure of confidential data, denial of service, SSRF, port scanning. This attack appears to be exploitable via Man in the Middle or malicious...
Quest NetVault Backup Server < 11.4.5 Process Manager Service SQL Injection Remote Code Execution Vulnerability (ZDI-17-982)
The version of Quest NetVault Backup Server running on the remote host is prior to 11.4.5. It is, therefore, affected by an SQL injection (SQLi) remote code execution vulnerability in the process manager server due to improper validation of user-supplied input. An unauthenticated, remote attacker c...