14 matches found
EUVD-2018-9443
Malware in sbrugna...
Silverstripe XSS in TreeDropdownField and TreeMultiSelectField
A cross-site scripting vulnerability has been discovered in the TreeDropdownField and TreeMultiSelectField. This vulnerability can only be exploited if a user with CMS access has posted malicious or unescaped HTML into any of the dataobjects used as a data source for either of these fields. This...
GHSA-C9HW-557Q-F8HQ Pimcore vulnerable to SQL Injection in Dataobjects sorting
Impact: Using some SQL exploitation tools such as sqlmap, an attacker can enumerate all information in the database, alter data, or perform DoS on the backend database. Patches: Update to version 10.6.5 or apply this patch manually...
Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply these patches manually...
GHSA-2295-VH28-PPHC Cross-site Scripting (XSS) in DataObjects QuantityValue Unit Definition
Impact: This vulnerability has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or redirect users to other malicious sites. Patches: Update to version 10.5.21 or apply these patches manually...
GHSA-JH3W-6JP2-VQQM Missing permission check of canView in GridFieldPrintButton
The GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorised to access. Upgrade to silverstripe/framework 4.12.5 or above to address the issue. Reported by Stephan Bauer from relaxt...
Design/Logic Flaw
Silverstripe Framework is the Model-View-Controller framework that powers the Silverstripe content management system. Prior to version 4.12.15, the GridField print view incorrectly validates the permission of DataObjects potentially allowing a content author to view records they are not authorise...
CVE-2023-22728
CVE-2023-22728 affects Silverstripe Framework, specifically the GridField print view. The root cause is a missing/incorrect permission check for DataObjects in GridFieldPrintButton, potentially allowing a content author to view records they are not authorized to access. Affected software: Silverst...
PT-2023-18669 · Silverstripe · Silverstripe/Framework
Name of the Vulnerable Software and Affected Versions: Silverstripe Framework versions prior to 4.12.15 Description: The GridField print view incorrectly validates the permission of DataObjects, potentially allowing a content author to view records they are not authorized to access...
silverstripe framework security vulnerability
silverstripe framework is a CMS web framework. A security vulnerability exists in Silverstripe Framework version 4.12.5 and prior versions, which stems from the GridField print view incorrectly validating the permissions of DataObjects. An attacker could use this vulnerability to view records tha...
Design/Logic Flaw
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader 9.2.0.9297. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
Foxit Reader Collab dataObjects Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Foxit Reader. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the...
Microsoft Windows Media Player Remote Code Execution (MS15-057; CVE-2015-1728)
A remote code execution vulnerability has been reported in Microsoft Windows Media Player. The vulnerability is due to an error in Microsoft Windows Media Player while handling specially crafted DataObjects. A remote attacker could trigger this flaw by convincing a victim to open a specially...
Microsoft Windows Media Player Remote Code Execution Vulnerability (3033890)
This host is missing a critical security update according to Microsoft Bulletin MS15-057. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...