Prion
added 2021/08/09 7:15 p.m. · 19 views

Design/Logic Flaw

The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682...

CVSS 5 · AI score 7.1 · EPSS 0.03959
Exploits 1 · References 4 · Affected Software 1
Prion
added 2021/08/09 7:15 p.m. · 22 views

Code injection

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SIPLATFORMSEARCHSERVERLOGONTOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905...

CVSS 9.3 · AI score 7.3 · EPSS 0.04245
Exploits 0 · References 5 · Affected Software 1
Prion
added 2021/08/09 7:15 p.m. · 19 views

Design/Logic Flaw

The File Repository Server (FRS) CORBA listener in SAP BusinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681...

CVSS 5 · AI score 7.2 · EPSS 0.03499
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2021/08/09 6:03 p.m. · 28 views

CVE-2014-9320

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SIPLATFORMSEARCHSERVERLOGONTOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905...

AI score 9.4 · EPSS 0.04245
Exploits 0 · References 5
Cvelist
added 2021/08/09 6:03 p.m. · 12 views

CVE-2015-7731

SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830...

AI score 5.3 · EPSS 0.00247
Exploits 0 · References 2
CVE
added 2021/08/09 6:03 p.m. · 65 views

CVE-2015-2074

The CVE-2015-2074 issue affects SAP BusinessObjects Edge 4.0: the File Repository Server (FRS) CORBA listener allows remote, unauthenticated writers to overwrite arbitrary files via a full pathname. Onapsis/SAP notes describe this vulnerability and patch SAP Note 2018681 with fixes for affected r...

CVSS 7.5 · AI score 7.5 · EPSS 0.03499
Exploits 1 · References 4 · Affected Software 1
UbuntuCve
added 2021/08/09 5:15 p.m. · 23 views

CVE-2021-25954

In the “Dolibarr” application, versions 2.8.1 to 13.0.4 do not restrict or incorrectly restrict access to a resource from an unauthorized actor. A low-privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint...

CVSS 4.3 · AI score 5.9 · EPSS 0.00702
Exploits 0 · References 3
OSV
added 2021/08/09 5:15 p.m. · 1 views

UBUNTU-CVE-2021-25954

In the “Dolibarr” application, versions 2.8.1 to 13.0.4 do not restrict or incorrectly restrict access to a resource from an unauthorized actor. A low-privileged attacker can modify the Private Note, which only an administrator has rights to do; the affected field is at the “/adherents/note.php?id=1” endpoint...

CVSS 4.3 · AI score 5.8 · EPSS 0.00702
Exploits 0 · References 4
CNNVD
added 2021/08/09 12:00 a.m. · 3 views

Dolibarr ERP/CRM Access Control Error Vulnerability

Dolibarr ERP/CRM is a Web-based enterprise resource planning (ERP) and customer relationship management (CRM) system from the Dolibarr Foundation in France. The system can be used to manage products, inventory, invoices, orders, and more. An Access Control Error vulnerability exists in Dolibarr ERP/C...

CVSS 4.3 · AI score 5.2 · EPSS 0.00702
Exploits 0 · References 3
Positive Technologies
added 2021/08/09 12:00 a.m. · 4 views

PT-2021-3962 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr versions 2.8.1 through 13.0.4. Description: The issue is related to inadequate access control in the Dolibarr application, allowing a low-privileged attacker to modify the Private Note, which is only supposed to be accessible by...

CVSS 4.3 · AI score 4.2 · EPSS 0.00702
Exploits 0 · References 11
NVD
added 2021/08/03 12:15 a.m. · 14 views

CVE-2021-37916

Joplin before 2.0.9 allows XSS via button and form in the note body...

CVSS 6.1 · EPSS 0.00733
Exploits 0 · References 2
Cvelist
added 2021/08/02 11:35 p.m. · 21 views

CVE-2021-37916

Joplin before 2.0.9 allows XSS via button and form in the note body...

AI score 6.1 · EPSS 0.00733
Exploits 0 · References 2
Malwarebytes
added 2021/07/23 11:00 p.m. · 524 views

AvosLocker enters the ransomware scene, asks for partners

This blog post was authored by Hasherezade. In mid-July we responded to an incident that involved an attack on a Microsoft Exchange server. The threat actor used this entry point to get into a Domain Controller and then leveraged it as a springboard to deploy ransomware. While examining the...

AI score 7.2
Exploits 0
RedHat Linux
added 2021/07/22 3:08 p.m. · 4 views

OpenJDK: FTP PASV command response can cause FtpClient to connect to arbitrary host (Networking, 8258432)

Vulnerability in the Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Java SE: 7u301, 8u291, 11.0.11, 16.0.1; Oracle GraalVM Enterprise Edition: 20.3.2 and 21.1.0. Difficult to exploit vulnerability allows...

CVSS 4.3 · AI score 7.4 · EPSS 0.04238
Exploits 0 · References 4
BDU FSTEC
added 2021/07/22 12:00 a.m. · 1 views

The vulnerability in the EXIF file parsing library libexif, related to an integer overflow, allows attackers to access confidential information or cause service failures.

The vulnerability in the EXIF file parsing library libexif is related to a numerical overflow in the input data of the MNOTE input file. Exploiting this vulnerability can allow an attacker to gain access to confidential information or cause service failures...

CVSS 8.1 · AI score 6.6 · EPSS 0.01525
Exploits 0 · References 9 · Affected Software 3
Tenable Nessus
added 2021/07/16 12:00 a.m. · 308 views

Oracle Linux 7 / 8 : Unbreakable Enterprise kernel (ELSA-2021-9362)

The remote Oracle Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-9362 advisory. - bpf: Fix masking negation logic upon negative dst register Daniel Borkmann Orabug: 32911990 CVE-2021-31829 - Bluetooth: verify AMP hcichan before...

CVSS 7.8 · AI score 6.8 · EPSS 0.03233
Exploits 6 · References 11
IBM Security Bulletins
added 2021/07/08 9:30 p.m. · 34 views

Security Bulletin: A security vulnerability has been identified in IBM Java SDK shipped with IBM InfoSphere Optim Performance Manager (CVE-2015-4872)

Summary: IBM Java SDK is shipped as a component of IBM InfoSphere Optim Performance Manager. Information about a security vulnerability affecting IBM Java SDK has been published in a security bulletin. Vulnerability Details: CVEID: CVE-2015-4872 DESCRIPTION: An unspecified vulnerability in Oracle...

CVSS 5 · AI score 5.1 · EPSS 0.03703
Exploits 0 · Affected Software 1
OSV
added 2021/06/28 8:15 p.m. · 18 views

CVE-2021-35298

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information...

CVSS 6.1 · AI score 6.3
Exploits 0 · References 1
NVD
added 2021/06/28 8:15 p.m. · 12 views

CVE-2021-35298

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information...

CVSS 6.1 · EPSS 0.01081
Exploits 0 · References 1
Cvelist
added 2021/06/28 7:07 p.m. · 14 views

CVE-2021-35298

Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information...

AI score 6.3 · EPSS 0.01081
Exploits 0 · References 1