229 matches found
WordPress DTracker plugin content injection vulnerability (CNVD-2017-31142)
WordPress is the WordPress Software Foundation's set of blogging platforms developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL.DTracker is one of the plugins used to track site downloads. A content injection vulnerability exists in...
CVE-2016-10318
A missing authorization check in the fscryptprocesspolicy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of...
CVE-2016-10318
A missing authorization check in the fscryptprocesspolicy function in fs/crypto/policy.c in the ext4 and f2fs filesystem encryption support in the Linux kernel before 4.7.4 allows a user to assign an encryption policy to a directory owned by a different user, potentially creating a denial of...
CVE-2017-5372
The function msp aka MSPRuntimeInterface in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the 1 getInformation, 2 getParameters, 3 getServiceInfo, 4 getStatistic, or 5 getClientStatistic...
Authorization
The function msp aka MSPRuntimeInterface in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the 1 getInformation, 2 getParameters, 3 getServiceInfo, 4 getStatistic, or 5 getClientStatistic...
CVE-2017-5372
SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...
KMC Controls BAC-5051E Multiple Vulnerabilities
KMC Controls BAC-5051E is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
[ERPSCAN-15-009] SAP Afaria 7 XcListener - Missing authorization check
ERPSCAN Research Advisory ERPSCAN-15-009 SAP Afaria 7 XcListener - Missing authorization check Application: SAP Afaria 7 Versions Affected: SAP Afaria 7, probably others Vendor URL: http://SAP.com Bugs: Missing authorization check Sent: 09.12.2014 Reported: 09.12.2014 Vendor response: 10.12.2014...
SAP NetWeaver - Unauthorized logon page
Application: SAP NetWeaver Versions Affected: 7.00 7.0014.20050509144048.0000 Vendor URL: http://www.sap.com Bugs: Missing Authorization Check Exploits: NO Reported: 20.08.2010 Vendor response: 23.08.2010 Date of Public Advisory: 12.02.2014 Reference: SAP Security Note 1860923 Author: Alexander...