Lucene search

7689 matches found

CNNVD
added 2023/07/21 12:0 a.m. · 3 views

Pimcore SQL injection vulnerability

Pimcore is an open-source web content management platform from the Austrian company Pimcore for creating and managing web applications. The platform integrates web content management, e-commerce frameworks and product information management applications. A SQL injection vulnerability exists in Pimcor...

7.2 CVSS · 7.1 AI score · 0.41187 EPSS
Exploits 1 · References 4
Huntr
added 2023/07/14 12:40 p.m. · 21 views

SQL injection in Data Objects function

Description: Log in as an admin, go to Data Objects function, and perform a sort action. Observe the request on Burpsuite and injection point is the 'sort' parameter. Proof of Concept: POC request that makes the application sleep for 5 seconds. Data Objects function payload:...

5.8 CVSS · 7.2 AI score · 0.41187 EPSS
Exploits 1
Zero Day Initiative
added 2023/07/13 12:0 a.m. · 23 views

Kofax Power PDF clearInterval Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of ap...

7.8 CVSS · 6.8 AI score · 0.005 EPSS
Exploits 0 · References 1
Positive Technologies
added 2023/07/13 12:0 a.m. · 2 views

PT-2023-26295 · Kofax · Kofax Power Pdf

Name of the Vulnerable Software and Affected Versions: Kofax Power PDF (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a maliciou...

7.8 CVSS · 7.4 AI score · 0.00383 EPSS
Exploits 0 · References 4
Positive Technologies
added 2023/07/13 12:0 a.m. · 2 views

PT-2023-5451 · Foxit · Foxit Pdf Reader +1

Name of the Vulnerable Software and Affected Versions: Foxit PDF Reader (affected versions not specified), Foxit PDF Editor (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the...

7.8 CVSS · 8 AI score · 0.01947 EPSS
Exploits 0 · References 8
NVD
added 2023/07/11 3:15 a.m. · 12 views

CVE-2023-33990

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a...

7.8 CVSS · 7.6 AI score · 0.00044 EPSS
Exploits 0 · References 2
Cvelist
added 2023/07/11 2:29 a.m. · 16 views

CVE-2023-33990 Denial of Service (DoS) vulnerability in SAP SQL Anywhere

SAP SQL Anywhere - version 17.0, allows an attacker to prevent legitimate users from accessing the service by crashing the service. An attacker with low privileged account and access to the local system can write into the shared memory objects. This can be leveraged by an attacker to perform a...

7.8 CVSS · 7.8 AI score · 0.00044 EPSS
Exploits 0 · References 2
NCSC
added 2023/07/11 12:0 a.m. · 4 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including Business Objects, ECC, HANA, Netweaver, Business Warehouse and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting (XSS)...

9.4 CVSS · 7 AI score · 0.00767 EPSS
Exploits 0
CNNVD
added 2023/07/11 12:0 a.m. · 3 views

SAP BusinessObjects Business Intelligence Platform security vulnerability

SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence (BI) products to eliminate system integration challenges and quickly and...

7.5 CVSS · 7.3 AI score · 0.0008 EPSS
Exploits 0 · References 3
Positive Technologies
added 2023/07/11 12:0 a.m. · 3 views

PT-2023-4097 · Sap · Sap Businessobjects Business Intelligence Platform

Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform versions 420, 430. Description: The issue allows an unauthorized attacker who has hijacked a user session to bypass the victim's old password via brute force due to an unrestricted rate limit...

7.8 CVSS · 7.5 AI score · 0.0008 EPSS
Exploits 0 · References 5
OpenVAS
added 2023/07/10 12:0 a.m. · 27 views

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-2320)

The remote host is missing an update for the Huawei EulerOS...

6.5 CVSS · 7.1 AI score · 0.00688 EPSS
Exploits 1 · References 2
Tenable Nessus
added 2023/07/09 12:0 a.m. · 11 views

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2023-2340)

According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...

6.5 CVSS · 6.8 AI score · 0.00688 EPSS
Exploits 1 · References 2
PyPA
added 2023/07/06 9:15 p.m. · 5 views

PYSEC-2023-114

DISPUTED A use-after-free issue was discovered in PyFindObjects function in SciPy versions prior to 1.8.0. NOTE: the vendor and discoverer indicate that this is not a security issue...

9.8 CVSS · 6.9 AI score · 0.00311 EPSS
Exploits 1 · References 6 · Affected Software 1
CNNVD
added 2023/07/06 12:0 a.m. · 2 views

SciPy resource management error vulnerability

SciPy is an open source Python algorithm library and math, science, and engineering computation package developed by the Scipy community, which includes modules for linear algebra, integration, special functions, and other computations. A security vulnerability exists in SciPy versions prior to...

9.8 CVSS · 8.1 AI score · 0.00311 EPSS
Exploits 1 · References 7
ATTACKERKB
added 2023/07/05 5:15 p.m. · 4 views

CVE-2023-25399

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in PyFindObjects function. Note: This is disputed as a bug and not a vulnerability. SciPy is not designed to be exposed to untrusted users or data directly...

5.5 CVSS · 5.8 AI score · 0.00222 EPSS
Exploits 1 · References 5
PyPA
added 2023/07/05 5:15 p.m. · 7 views

PYSEC-2023-102

A refcounting issue which leads to potential memory leak was discovered in scipy commit 8627df31ab in PyFindObjects function...

5.5 CVSS · 6.9 AI score · 0.00222 EPSS
Exploits 1 · References 6 · Affected Software 1
Veracode
added 2023/07/05 11:39 a.m. · 17 views

Denial Of Service (DoS)

productscmfcore is vulnerable to Denial of Service (DoS) attacks. A malicious user is able to cause an application crash via injecting malicious input through the PortalFolder objects...

7.5 CVSS · 6.8 AI score · 0.00291 EPSS
Exploits 0 · References 2 · Affected Software 1
OSV
added 2023/07/05 9:15 a.m. · 1 views

DEBIAN-CVE-2023-37202

Cross-compartment wrappers wrapping a scripted proxy could have caused objects from other compartments to be stored in the main compartment resulting in a use-after-free. This vulnerability affects Firefox 115, Firefox ESR 102.13, and Thunderbird 102.13...

8.8 CVSS · 8 AI score · 0.00651 EPSS
Exploits 0 · References 1
OSV
added 2023/07/03 4:48 p.m. · 14 views

CVE-2023-36814 zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...

7.5 CVSS · 7.5 AI score · 0.00291 EPSS
Exploits 0 · References 4
Vulnrichment
added 2023/07/03 4:48 p.m. · 9 views

CVE-2023-36814 zopefoundation's Products.CMFCore vulnerable to unauthenticated denial of service and crash via unchecked use of input with Python's marshal module

Products.CMFCore are the key framework services for the Zope Content Management Framework (CMF). The use of Python's marshal module to handle unchecked input in a public method on PortalFolder objects can lead to an unauthenticated denial of service and crash situation. The code in question is...

7.5 CVSS · 7.4 AI score · 0.00291 EPSS
Exploits 0 · References 2