13 matches found
SiYuan Security Vulnerability
SiYuan is a privacy-oriented personal knowledge management system developed by SiYuan itself. Versions of SiYuan prior to 3.5.10 contained security vulnerabilities. These vulnerabilities stemmed from insufficient permission checks for the /api/block/appendheadingChildren API endpoint, which could...
EUVD-2019-14864
Malware in sbrugna...
CVE-2020-36836
The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...
CVE-2020-7293
Privilege Escalation vulnerability in McAfee Web Gateway (MWG) prior to 9.2.1 allows an authenticated user interface user with low permissions to change the system's root password via improper access controls in the user interface...
CVE-2020-7583
CVE-2020-7583 affects Automation License Manager 5 (all versions) and ALM 6 (all versions before 6.0.8). The root cause is improper privilege validation in certain operations, enabling a user with low privileges to arbitrarily modify files protected from writing (local access). CVSS v3.1 base sco...
Huawei Data Communication: Information Leakage Vulnerability on Some Huawei Products (huawei-sa-20191211-01-vrp)
There is an information leakage vulnerability on some Huawei products.
CVE-2020-1811
GaussDB 200 version 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands...
Command injection
GaussDB 200 version 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands...
CVE-2020-1811
GaussDB 200 version 6.5.1 has a command injection vulnerability. Due to insufficient input validation, remote attackers with low permissions could exploit this vulnerability by sending crafted commands to the affected device. Successful exploit could allow an attacker to execute commands...
Information disclosure
There is an information leakage vulnerability on some Huawei products: AR120-S; AR1200; AR1200-S; AR150; AR150-S; AR160; AR200; AR200-S; AR2200; AR2200-S; AR3200; AR3600. An attacker with low permissions can view some high-privilege information by running specific commands. Successful exploit could cause an...
Shopify: H1514 Get access to non public information by pivoting with graphql queries
Hi security team, Summary: It is possible to pivot with queries to get access to information you shouldn't have access to according to docs located at https://help.shopify.com/en/api/graphql-admin-api/reference/queryroot Description: I will try to write up all the ones I can find related to...
Using a low-privileged Oracle database account to gain OS access permissions - bug warning - the black bar safety net
Author: Mickey. These days I looked at a document called "Penetration: from application down to OS Oracle" and found it quite interesting. The document roughly means that, if the ORACLE service is started using the administrator account, as long as you have the resource and connect privileg...
Penetration by borrowing the administrator login - vulnerability warning - the black bar safety net
Software author: withered Ling roseN. C. P. H. Information source: evil octal information security team. The most important lesson is one idea: however the administrator gets in, that is how we get in. The penetration of this site was relatively slow; it took more than a week. The site ver...