The vulnerability of the NetAct network management system lies in the improper limitation of XML links to external objects. This allows attackers to gain unauthorized access to protected information or perform SSRF attacks.
The vulnerability of the NetAct network management system is related to incorrect restrictions on XML links to external objects. Exploiting this vulnerability can allow a malicious actor to gain unauthorized access to protected information or perform an SSRF attack...
CVE-2023-28115
Snappy is a PHP library allowing thumbnail, snapshot or PDF generation from a URL or an HTML page. Prior to version 1.4.2, Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists function. If an attacker can upload files of any...
PHAR deserialization allowing remote code execution
Description: Snappy is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_exists function. If an attacker can upload files of any type to the server he can pass in the phar:// protocol to unserialize the uploaded file and instantiate arbitra...
ROS-20230317-03
A vulnerability in the MinIO object store is related to improper enforcement of the bypass prohibition policy when a version identifier is removed with the special header "X-Amz-Bypass-Governance-Retention: true". Exploitation of the vulnerability could allow an attacker acting remotely to gai...
The vulnerability of the Central Management Console (CMC) of the SAP Business Objects Business Intelligence Platform allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.
The vulnerability of the Central Management Console CMC of the SAP Business Objects Business Intelligence Platform relates to incorrect elimination of special elements in output data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code and gain unauthorized access to...
SAP Cloud SDK for AI Python has OS Command Injection when Program Objects Execution is Enabled
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
GHSA-XXHH-59GH-6FFX SAP Cloud SDK for AI Python has OS Command Injection when Program Objects Execution is Enabled
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
CVE-2023-27896
In SAP BusinessObjects Business Intelligence Platform - version 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own CMS, leading to a high impact on availability...
CVE-2023-27271
In SAP BusinessObjects Business Intelligence Platform Web Services - versions 420, 430, an attacker can control a malicious BOE server, forcing the application server to connect to its own admintools, leading to a high impact on availability...
CVE-2023-25616
In some scenario, SAP Business Objects Business Intelligence Platform CMC - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact th...
PYSEC-2023-315
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
CVE-2023-25617
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
Code injection
In some scenario, SAP Business Objects Business Intelligence Platform CMC - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact th...
CVE-2023-25617 OS Command Execution vulnerability in SAP Business Objects Business Intelligence Platform (Adaptive Job Server)
SAP Business Object Adaptive Job Server - versions 420, 430, allows remote execution of arbitrary commands on Unix, when program objects execution is enabled, to authenticated users with scheduling rights, using the BI Launchpad, Central Management Console or a custom application based on the...
CVE-2023-25616 Code Injection vulnerability in SAP Business Objects Business Intelligence Platform (CMC)
In some scenario, SAP Business Objects Business Intelligence Platform CMC - versions 420, 430, Program Object execution can lead to code injection vulnerability which could allow an attacker to gain access to resources that are allowed by extra privileges. Successful attack could highly impact th...
CVE-2023-25616
CVE-2023-25616 affects SAP BusinessObjects BI Platform (CMC) versions 420 and 430 via a code injection vulnerability in the Program Object execution path. Root cause described as improper handling leading to code injection, enabling an attacker to access resources with extra privileges and potent...
[SECURITY] Fedora 38 Update: kstars-3.6.3-1.fc38
KStars is a Desktop Planetarium. It provides an accurate graphical simulation of the night sky, from any location on Earth, at any date and time. The display includes up to 100 million stars, 13,000 deep-sky objects, all 8 planets, the Sun and Moon, and thousands of comets and asteroids...