39 matches found
CVE-2020-1891
A user controlled parameter used in video call in WhatsApp for Android prior to v2.20.17, WhatsApp Business for Android prior to v2.20.7, WhatsApp for iPhone prior to v2.20.20, and WhatsApp Business for iPhone prior to v2.20.20 could have allowed an out-of-bounds write on 32-bit devices...
CVE-2020-1765
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...
CVE-2020-1765
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...
Design/Logic Flaw
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...
CVE-2020-1765
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...
UBUNTU-CVE-2020-1765
An improper control of parameters allows the spoofing of the from fields of the following screens: AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. This issue affects: OTRS Community Edition 5.0.x version 5.0.39 and prior versions; 6.0.x version 6.0.24 and...
CVE-2020-1765
CVE-2020-1765 affects OTRS Open Source Ticket Request System. An improper control of parameters allows spoofing of the From fields in AgentTicketCompose, AgentTicketForward, AgentTicketBounce and AgentTicketEmailOutbound. Public advisories describe affected product lines: OTRS Community Edition 5...
PT-2020-15042 · Otrs +2 · Otrs Community Edition +2
Name of the Vulnerable Software and Affected Versions: OTRS Community Edition versions 5.0.0 through 5.0.39 OTRS Community Edition versions 6.0.0 through 6.0.24 OTRS Community Edition versions 7.0.0 through 7.0.13 Description: The issue allows for the spoofing of the 'from' fields in several...
DEBIAN-CVE-2019-14889
A flaw was found with the libssh API function sshscpnew in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence...
Siemens Desigo PX Devices
1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION : Exploitable remotely/low skill level to exploit Vendor : Siemens Equipment : Desigo PX Devices Vulnerability : External Control of Assumed-Immutable Web Parameter 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker...
python-urllib3: CRLF injection due to not encoding the '\r\n' sequence leading to possible attack on internal service
In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter...
SQLAlchemy is vulnerable to SQL Injection via group_by parameter
SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...
CVE-2019-7548
SQLAlchemy 1.2.17 has SQL Injection when the groupby parameter can be controlled...
客客专业威客系统程序xss漏洞
简要描述: 参数完全没控制. 之前有个selfxss不给我审核过.. 详细说明: /control/user/shopsetting.php $shopname, 'shopslogans' =$shopslogans, 'seotitle' =$seotitle, 'seokeyword' =$seokeyword, 'seodesc' =$seodesc, ; $intRes = $objShopT-save$arrData,array'shopid'=$shopInfo'shopid'; unset$objShopT;...
CVE-2013-1859
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...
Design/Logic Flaw
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...
CVE-2013-1859
The Node Parameter Control module 6.x-1.x for Drupal does not properly restrict access to the configuration options, which allows remote attackers to read and edit configuration options via unspecified vectors...
CVE-2013-1859
The vulnerability CVE-2013-1859 affects the Drupal contributed module Node Parameter Control (6.x-1.x). The module does not properly restrict access to its configuration options, enabling remote attackers to read and edit configuration via unspecified vectors. All 6.x-1.x versions are affected; D...
SA-CONTRIB-2013-034 - Node Parameter Control - Access Bypass
This module enables you to limit the visibility of the fields on the node edit form. The module doesn't sufficiently check access before allowing users to view and edit the configuration options allowing anonymous and authenticated users the ability to view and edit the configuration options. CVE...