9 matches found
Information Disclosure
oro/crm-call-bundle is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control ACL restrictions and gain unauthorized access to sensitive information, such as customer call logs and personal data...
Improper Access Control
oro/calendar-bundle is vulnerable to Improper Access Control. The vulnerability exists due to the lack of permission checks in the checkPermissions function of SystemCalendarEventController.php. This allows back-office users to access information from any system calendar event, bypassing ACL...
CVE-2023-32064
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and...
Security feature bypass
OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and...
OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...
GHSA-X2XM-P6VQ-482G OroCalendarBundle has incorrect system calendar events visibility
OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...
CVE-2013-3906 : Zero Day Vulnerability in Microsoft Graphics Component
Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents. A Zero-day Remote code execution flaw, which has been dubbed CVE-2013-3906, exploits a vulnerability in a Microsoft graphics component, to target Microsoft Office...
Get Ready for Microsoft 13 updates for August Patch Tuesday
Get Ready for Microsoft 13 updates for August Patch Tuesday Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another "critical" bulletin affects Windows server operating...
Microsoft JET 3.53.514.0 - VBA Shell
Microsoft JET 3.53.514.0 - VBA Shell source: https://www.securityfocus.com/bid/548/info A vulnerability affects Microsoft's Jet 3.51 and 4.0 driver MSJET35.DLL and MSJET40.DLL. This vulnerability could allow an attacker to create malicious '.xls' or '.doc' files incorporating VBA shell commands...