75 matches found

OSV
added 2024/05/30 6:25 p.m. · 9 views

GHSA-G776-759R-PF6X TYPO3 Broken Access Control in Import Module

It has been discovered that the Import/Export module is susceptible to broken access control. Regular backend users have access to import functionality which is usually only available to admin users or to users for whom the User TSconfig setting options.impexp.enableImportForNonAdminUser has been explicitly enable...

CVSS 4.3 · AI score 8
Exploits 0 · References 3
Packet Storm
added 2023/10/27 12:00 a.m. · 433 views

SugarCRM 13.0.1 Server-Side Template Injection

SugarCRM = 13.0.1 GetControl Server-Side Template Injection Vulnerability - Software Link: https://www.sugarcrm.com - Affected Versions: Versio...

AI score 7.1
Exploits 0
Huntr
added 2023/02/20 10:17 a.m. · 8 views

Stored XSS in "Import" Module

Description: When loading a CSV or XLSX file to preview before importing (Step 4), the first-line label is not sanitized, which allows an authenticated attacker to inject a malicious XSS payload into the file to be imported and store it on the target web server. If any admin reuses the malicious uploaded import...

AI score 6.2
Exploits 0
CNVD
added 2022/12/20 12:00 a.m. · 31 views

Apache Atlas path traversal vulnerability

Apache Atlas is a scalable and extensible set of core functional governance services from the Apache Foundation. Apache Atlas versions 0.8.4 through 2.2.0 have a path traversal vulnerability that stems from improper input validation in the import module, which could be exploited by an authenticate...

CVSS 8.8 · AI score 4.4 · EPSS 0.01384
Exploits 0 · References 1
Github Security Blog
added 2022/12/14 9:30 a.m. · 32 views

Apache Atlas: zip path traversal in import functionality

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...

CVSS 8.8 · AI score 8.3 · EPSS 0.01384
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/12/14 9:15 a.m. · 6 views

CVE-2022-34271

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...

CVSS 8.8 · AI score 5.8 · EPSS 0.01384
Exploits 0 · References 1
NVD
added 2022/12/14 9:15 a.m. · 33 views

CVE-2022-34271

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...

CVSS 8.8 · EPSS 0.01384
Exploits 0 · References 1
Prion
added 2022/12/14 9:15 a.m. · 17 views

Design/Logic Flaw

A vulnerability in import module of Apache Atlas allows an authenticated user to write to web server filesystem. This issue affects Apache Atlas versions from 0.8.4 to 2.2.0...

CVSS 6.5 · AI score 8.6 · EPSS 0.01384
Exploits 0 · References 1 · Affected Software 1
Positive Technologies
added 2022/12/14 12:00 a.m. · 2 views

PT-2022-22089 · Apache · Apache Atlas

Name of the Vulnerable Software and Affected Versions: Apache Atlas versions 0.8.4 through 2.2.0 Description: A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. Recommendations: For Apache Atlas versions 0.8.4 through 2.2.0,...

CVSS 8.8 · AI score 8.5 · EPSS 0.01384
Exploits 0 · References 8
CNNVD
added 2022/12/14 12:00 a.m. · 17 views

Apache Atlas path traversal vulnerability

Apache Atlas is a scalable and extensible set of core functional governance services from the Apache Foundation. Apache Atlas versions 0.8.4 through 2.2.0 have a path traversal vulnerability that stems from improper input validation in the import module, which could be exploited by an authenticate...

CVSS 8.8 · AI score 6.7 · EPSS 0.01384
Exploits 0 · References 3
ATTACKERKB
added 2022/10/03 12:15 p.m. · 1 view

CVE-2022-36551

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

CVSS 6.5 · AI score 6.8 · EPSS 0.05088
Exploits 3 · References 5
NVD
added 2022/10/03 12:15 p.m. · 12 views

CVE-2022-36551

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

CVSS 6.5 · EPSS 0.05088
Exploits 3 · References 4
OSV
added 2022/10/03 12:15 p.m. · 14 views

CVE-2022-36551

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

CVSS 6.5 · AI score 6.5
Exploits 0 · References 4
Prion
added 2022/10/03 12:15 p.m. · 23 views

Server-side request forgery (SSRF)

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

CVSS 4 · AI score 6.4 · EPSS 0.05088
Exploits 3 · References 4 · Affected Software 1
PyPA
added 2022/10/03 12:15 p.m. · 5 views

PYSEC-2022-300

A Server Side Request Forgery SSRF in the Data Import module in Heartex - Label Studio Community Edition versions 1.5.0 and earlier allows an authenticated user to access arbitrary files on the system. Furthermore, self-registration is enabled by default in these versions of Label Studio enabling...

CVSS 6.5 · AI score 7 · EPSS 0.05088
Exploits 3 · References 5 · Affected Software 1
Packet Storm
added 2020/11/20 12:00 a.m. · 695 views

IBM Tivoli Storage Manager 5.2.0.1 Buffer Overflow

Exploit Title: IBM Tivoli Storage Manager Command Line Administrative Interface 5.2.0.1 - id' Field Stack Based Buffer Overflow Exploit Author: Paolo Stagno aka VoidSec Vendor Homepage: https://www.ibm.com/support/knowledgecenter/en/SSGSG77.1.0/com.ibm.itsm.tsm.doc/welcome.html Version: 5.2.0.1...

AI score 1
Exploits 0
0day.today
added 2020/05/07 12:00 a.m. · 24 views

i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Vulnerability

Exploit for php platform in category web applications Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail...

AI score 0.1
Exploits 0
Exploit DB
added 2020/05/06 12:00 a.m. · 161 views

i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion

Exploit Title: i-doit Open Source CMDB 1.14.1 - Arbitrary File Deletion Date: 2020-05-02 Author: Besim ALTINOK Vendor Homepage: https://www.i-doit.org/ Software Link: https://sourceforge.net/projects/i-doit/ Version: v1.14.1 Tested on: Xampp Credit: İsmail BOZKURT...

AI score 7.4
Exploits 0
CNVD
added 2019/10/08 12:00 a.m. · 2 views

SugarCRM PHP Object Injection Vulnerability

SugarCRM is a set of open source customer relationship management software. A PHP object injection vulnerability exists in the import module of SugarCRM. The vulnerability stems from a lack of input validation. An attacker can exploit the vulnerability to inject custom PHP code...

CVSS 8.8 · AI score 7.3 · EPSS 0.01488
Exploits 0 · References 1
OSV
added 2019/10/07 3:15 p.m. · 1 view

CVE-2019-17316

SugarCRM before 8.0.4 and 9.x before 9.0.2 allows PHP object injection in the Import module by a Regular user...

CVSS 8.8 · AI score 7.3 · EPSS 0.01488
Exploits 0 · References 1