7696 matches found
GHSA-2HJR-FG6C-V2H6 Unauthorized access to Class instance in Jinjava
Jinjava before 2.5.4 allows access to arbitrary classes by calling Java methods on objects passed into a Jinjava context. This could allow for abuse of the application class loader, including Arbitrary File Disclosure...
PT-2022-15515 · Sap · Sap Business Objects Web Intelligence
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Web Intelligence (BI Launchpad) version 420. Description: The issue arises from improper HTML encoding in the input control summary, allowing an authorized attacker to execute a cross-site scripting (XSS) attack. Recommendations:...
PrinterLogic Web Stack Insecure Direct Object Reference (IDOR) Vulnerability (CNVD-2022-11104)
PrinterLogic Web Stack PrinterLogic Printer Installer is a native Web application from PrinterLogic, Inc. It enables the IT department to manage and automate the creation/dissemination of printer objects and printer drivers across print environments from a single management console. PrinterLogic...
SAP NetWeaver Application Server Resource Management Error Vulnerability
SAP NetWeaver Application Server is an application server from SAP, Germany. A resource management error vulnerability exists in SAP NetWeaver Application Server, which can be exploited by an attacker to compromise vulnerable systems including Business Objects, SAP CRM Web Channel, SAP CRM, SAP...
SAP CRM Web Channel Information Disclosure Vulnerability
SAP CRM Web Channel is an e-commerce management system from SAP Germany. It is used to transform the Internet into profitable sales and provide customer satisfaction and convenience to business partners. An information disclosure vulnerability exists in SAP CRM Web Channel, which can be exploited...
SAP ERP HCM Security Vulnerability
SAP ERP HCM is an enterprise human resource management solution from SAP, Germany. A security vulnerability exists in SAP ERP HCM that can be exploited by attackers to compromise vulnerable systems, including Business Objects, SAP CRM Web Channel, SAP CRM, SAP ERP, NetWeaver, ASE...
SAP 3D Visual Enterprise Viewer Input Validation Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D view viewer from SAP, Germany. The software supports publishing of 2D and 3D scenes in all industry-standard desktop applications and supports separate installations with standalone executables and ActiveX space. An input validation error vulnerability exis...
SAP Solution Manager Security Vulnerability
SAP Solution Manager is a system management platform from SAP Germany that integrates system monitoring, SAP support desktops, self-service, ASAP implementation, etc. SAP Solution Manager has a security vulnerability that can be exploited by attackers to compromise vulnerable systems, including...
SAP NetWeaver AS SQL Injection Vulnerability
SAP NetWeaver AS is a SAP network application server from SAP. It not only provides network services, but also the basic platform for SAP software. SAP NetWeaver AS has a SQL injection vulnerability that can be exploited by attackers to threaten vulnerable systems, including Business Objects, SAP...
SAP Multiple Products Environment Issue Vulnerability
SAP NetWeaver Application Server Java is an application server that provides a Java runtime environment. SAP NetWeaver Application Server is an application server. SAP ERP is a series of software for ERP management. SAP CRM is a customer relationship management system. SAP NetWeaver Application Serv...
SAP Multiple Products Environment Issue Vulnerability
SAP NetWeaver Application Server Java and SAP NetWeaver Application Server are both products of SAP Germany. SAP NetWeaver Application Server Java is an application server that provides a Java runtime environment. SAP NetWeaver Application Server Java is an application server that provides a Java...
SAP Business Objects Web Intelligence Cross-Site Scripting Vulnerability
SAP Business Objects Web Intelligence is a centralized suite from SAP, a German company used for data reporting, visualization and sharing. SAP Business Objects Web Intelligence is vulnerable to a cross-site scripting vulnerability that could be exploited by attackers to compromise vulnerable...
SAP Multiple Products Input Validation Error Vulnerability
SAP 3D Visual Enterprise Viewer is a 3D viewer, SAP ERP is a series of software for ERP management, SAP CRM is a customer relationship management system, and SAP CRM Web Channel is an e-commerce management system. An input validation error...
Cross-site Scripting (XSS) - Stored in pimcore/pimcore
Description: The pimcore/pimcore package is an open source platform that provides PIM, MDM, CDP, DAM, DXP/CMS & Digital Commerce services. A stored XSS vulnerability occurs when you change the value of Abbreviation, Longname, Converter Service at "Settings" = "Data Objects" = "Quantity Value" in the...
Amazon S3 Bucket Detected
Amazon Simple Storage Service (S3) is a public cloud storage service available in Amazon Web Services (AWS) which provides a programmatic way to store and retrieve data objects in storage containers called buckets. Web applications often rely on storage buckets to serve static assets images or script...
PrinterLogic Web Stack SQL Injection Vulnerability
PrinterLogic Web Stack PrinterLogic Printer Installer is a native Web application from PrinterLogic USA, Inc. It enables IT departments to manage and automate the creation/propagation of printer objects and printer drivers across print environments from a single management console. PrinterLogic Web...
PrinterLogic Web Stack Code Issue Vulnerability
PrinterLogic Web Stack PrinterLogic Printer Installer is a native web application from PrinterLogic, Inc. It enables IT departments to manage and automate the creation/dissemination of printer objects and printer drivers across print environments from a single management console. A code issue...
Mageia: Security Advisory (MGASA-2017-0382)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2021-41766 Insecure Java Deserialization in Apache Karaf
Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI-based technology that relies on Java serialized objects for client-server communication. Whereas the default JMX implementation is hardened against unauthenticated...
WebACMS 2.1.0 Cross Site Scripting
Advisory ID: TO-2021-001 Product: WebACMS Vendor: AFI Solutions GmbH Tested Version: 2.1.0 Fixed Version: - Vulnerability Type: Cross-Site Scripting CWE-79 CVSSv2 Severity: AV:N/AC:L/Au:N/C:P/I:P/A:N Score 6.4 CVSSv3 Severity: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Score 6.1 Solution Status: Unfixed...