
561 matches found

OSV
added 2022/05/15 11:15 a.m. · 14 views

CVE-2021-41965

A SQL injection vulnerability exists in ChurchCRM version 2.0.0 to 4.4.5 that allows an authenticated attacker to issue an arbitrary SQL command to the database through the unsanitized ENtyid, theID and EID fields used when an Edit action on an existing record is being performed...

CVSS 8.8 · AI score 7.8 · EPSS 0.01112
Exploits 1 · References 2
RedHat Linux
added 2022/05/10 1:58 p.m. · 0 views

kernel: Local denial of service in bond_ipsec_add_sa

A NULL pointer dereference flaw was found in the Linux kernel's bonding driver in the way a user bonds a non-existing or fake device. This flaw allows a local user to crash the system, causing a denial of service...

CVSS 5.5 · AI score 6.6 · EPSS 0.00531
Exploits 1 · References 5
CNNVD
added 2022/05/02 12:00 a.m. · 2 views

Ping Identity PingFederate authorization issue vulnerability

Ping Identity PingFederate is a flagship software-based federation server for identity management from the United States. Ping Identity PingFederate has a security vulnerability that can be exploited by an existing user to reset the password of another existing user when the password reset mechani...

CVSS 6.5 · AI score 6.6 · EPSS 0.00571
Exploits 0 · References 3
Code423n4
added 2022/04/20 12:00 a.m. · 6 views

Is It Possible for an Attacker to Block setStrategy() When a Strategy Already Exists

Lines of code Vulnerability details Impact /// NOTE: Migrate funds if setting strategy when one already exists if (strategy != address(0)) require(IStrategy(strategy).balanceOf() == 0, "Please withdrawToVault before changing strat"); When setStrategy was called, it required no funds in the existing Strategy...

AI score 6.8
Exploits 0
RedHat Linux
added 2022/04/11 2:55 p.m. · 7 views

Mozilla: OpenPGP revocation information was ignored

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as: When importing a revoked key that specified key compromise as the revocation reason, Thunderbird did not update the existing copy of the key that was not yet revoked, and the existing key was kept as...

CVSS 5.4 · AI score 7.3 · EPSS 0.00373
Exploits 0 · References 4
Citrix
added 2022/03/07 12:00 a.m. · 7 views

What steps are needed to configure new StoreFront servers with an existing Gateway and Store URL

The objective of this article is to provide the recommended steps, at a high level, to configure two new StoreFront servers to work with an existing Gateway virtual server that uses a URL created with an old set of StoreFront servers...

AI score 7
Exploits 0
CNNVD
added 2022/02/24 12:00 a.m. · 4 views

Accounting Journal Management cross-site scripting vulnerability

Accounting Journal Management is a simple PHP-based accounting journal management system with a trial balance. Accounting Journal Management version 1.0 is vulnerable to a cross-site scripting vulnerability that stems from a lack of filtering of user-supplied data. The vulnerability is caused ...

CVSS 5.4 · AI score 5.2 · EPSS 0.00538
Exploits 0 · References 2
Kitploit
added 2022/02/19 11:30 a.m. · 31 views

Talisman - By Hooking Into The Pre-Push Hook Provided By Git, Talisman Validates The Outgoing Changeset For Things That Look Suspicious

A tool to detect and prevent secrets from getting checked in. What is Talisman? Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation. It validates the outgoing changeset for things that look...

AI score 6.5
Exploits 0 · References 12
Prion
added 2022/02/18 6:15 p.m. · 19 views

Design/Logic Flaw

A locking protection bypass flaw was found in some versions of gnome-shell as shipped within CentOS Stream 8, when the "Application menu" or "Window list" GNOME extensions are enabled. This flaw allows a physical attacker who has access to a locked system to kill existing applications and start n...

CVSS 3.6 · AI score 6 · EPSS 0.00193
Exploits 0 · References 1 · Affected Software 2
Prion
added 2022/02/10 11:15 p.m. · 14 views

Default credentials

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing user's password...

CVSS 3.5 · AI score 6.7 · EPSS 0.00527
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/02/04 2:23 p.m. · 19 views

CVE-2021-43145

With certain LDAP configurations, Zammad 5.0.1 was found to be vulnerable to unauthorized access with existing user accounts...

AI score 8.2 · EPSS 0.00952
Exploits 0 · References 1
OSV
added 2022/01/31 8:20 p.m. · 29 views

CVE-2022-21659 Observable Response Discrepancy in Flask-AppBuilder

Flask-AppBuilder is an application development framework built on top of the Flask web framework. In affected versions there exists a user enumeration vulnerability. This vulnerability allows a non-authenticated user to enumerate existing accounts by timing the response time from the server...

CVSS 5.3 · AI score 5.1 · EPSS 0.00953
Exploits 0 · References 4
Debian CVE
added 2022/01/31 8:20 p.m. · 16 views

CVE-2022-21659

Removed by vendor...

CVSS 5.3 · AI score 5.4 · EPSS 0.00953
Exploits 0
ATTACKERKB
added 2022/01/25 8:15 p.m. · 20 views

CVE-2021-4133

A flaw was found in Keycloak in versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...

CVSS 8.8 · AI score 7.5 · EPSS 0.01347
Exploits 0 · References 5
RedHat Linux
added 2022/01/17 9:33 p.m. · 0 views

Keycloak: Incorrect authorization allows unprivileged users to create other users

A flaw was found in Keycloak versions from 12.0.0 and before 15.1.1 which allows an attacker with any existing user account to create new default user accounts via the administrative REST API even when new user registration is disabled...

CVSS 8.8 · AI score 5.7 · EPSS 0.01347
Exploits 0 · References 6
OSV
added 2022/01/06 6:32 p.m. · 1 views

GHSA-83X4-9CWR-5487 Improper Authorization in Keycloak

An incorrect authorization flaw was found in Keycloak 12.0.0. The flaw allows an attacker with any existing user account to create new default user accounts via the administrative REST API even where new user registration is disabled...

CVSS 8.8 · AI score 5.8 · EPSS 0.01347
Exploits 0 · References 6
Veracode
added 2022/01/05 9:58 a.m. · 17 views

Information Disclosure

livehelperchat is vulnerable to information disclosure. The vulnerability exists in forgotpasswordsent.tpl.php because the error message indicates whether the password reset email was sent, which allows an attacker to gain access to sensitive information about an existing account...

CVSS 5.3 · AI score 2.6 · EPSS 0.00899
Exploits 1 · References 3 · Affected Software 1
Positive Technologies
added 2022/01/04 12:00 a.m. · 3 views

PT-2022-12967 · Unknown · Livehelperchat

Name of the Vulnerable Software and Affected Versions: livehelperchat, affected versions not specified. Description: The issue concerns the generation of error messages that contain sensitive information. There is a noticeable difference in the error messages produced for existing and non-existing...

CVSS 7.3 · AI score 5.8 · EPSS 0.00899
Exploits 1 · References 7
Redos
added 2021/12/24 12:00 a.m. · 5 views

ROS-2-2541

2.2541 Notification on the update of the RED OS operating system. Due to quality improvement and bug fixing, an updated version of the "RED OS" operating system, 7.3, is released. You can contact the technical support service within the framework of your existing technical support...

AI score 7
Exploits 0