Lucene search
K

9 matches found

Veracode
Veracode
added 2023/11/29 6:51 a.m.18 views

Information Disclosure

oro/crm-call-bundle is vulnerable to Information Disclosure. The vulnerability allows back-office users to bypass access control ACL restrictions and gain unauthorized access to sensitive information, such as customer call logs and personal data...

5CVSS7.1AI score0.00538EPSS
Exploits0References5Affected Software1
Veracode
Veracode
added 2023/11/29 6:20 a.m.16 views

Improper Access Control

oro/calendar-bundle is vulnerable to Improper Access Control. The vulnerability exists due to the lack of permission checks in the checkPermissions function of SystemCalendarEventController.php. This allows back-office users to access information from any system calendar event, bypassing ACL...

5CVSS6.8AI score0.00538EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2023/11/28 4:15 a.m.36 views

CVE-2023-32064

OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and...

5CVSS0.00497EPSS
Exploits0References1
Prion
Prion
added 2023/11/28 4:15 a.m.19 views

Security feature bypass

OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched in version 5.0.11 and...

4CVSS6.7AI score0.00497EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2023/11/27 11:29 p.m.16 views

OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...

5CVSS6.9AI score0.00538EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/11/27 11:29 p.m.70 views

GHSA-X2XM-P6VQ-482G OroCalendarBundle has incorrect system calendar events visibility

OroPlatform is a package that assist system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks...

5CVSS4.6AI score0.00538EPSS
Exploits0References5
The Hacker News
The Hacker News
added 2013/11/06 5:31 a.m.28 views

CVE-2013-3906 : Zero Day Vulnerability in Microsoft Graphics Component

Microsoft has issued a temporary fix for a 0day vulnerability that can be exploited to install malware via infected Word documents. A Zero-day Remote code execution flaw, which has been dubbed CVE-2013-3906, exploits a vulnerability in a Microsoft graphics component, to target Microsoft Office...

9.3CVSS7.6AI score0.84971EPSS
Exploits7
The Hacker News
The Hacker News
added 2011/08/05 12:12 p.m.12 views

Get Ready for Microsoft 13 updates for August Patch Tuesday

Get Ready for Microsoft 13 updates for August Patch Tuesday Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another "critical" bulletin affects Windows server operating...

8.1AI score
Exploits0
exploitpack
exploitpack
added 1999/07/29 12:0 a.m.19 views

Microsoft JET 3.53.514.0 - VBA Shell

Microsoft JET 3.53.514.0 - VBA Shell source: https://www.securityfocus.com/bid/548/info A vulnerability affects Microsoft's Jet 3.51 and 4.0 driver MSJET35.DLL and MSJET40.DLL. This vulnerability could allow an attacker to create malicious '.xls' or '.doc' files incorporating VBA shell commands...

7.4AI score
Exploits0
Rows per page
Query Builder