CVE-2023-32075 Pimcore vulnerable to Business Logic Errors in Customer automation rules
The Customer Management Framework CMF for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...
DEBIAN-CVE-2023-2617
A vulnerability classified as problematic was found in OpenCV wechatqrcode Module up to 4.7.0. Affected by this vulnerability is the function DecodedBitStreamParser::decodeByteSegment of the file qrcode/decoder/decodedbitstreamparser.cpp. The manipulation leads to null pointer dereference. The...
CVE-2018-17455
An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. Attackers could obtain sensitive information about group names, avatars, LDAP settings, and descriptions via an insecure direct object reference to the "merge request approvals"...
PT-2023-11518 · Phachon · Mm-Wiki
Name of the Vulnerable Software and Affected Versions: Phachon mm-wiki version 0.1.2 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the system/user/save parameter. Recommendations: For Phachon mm-wiki version 0.1.2, consider restricting acce...
PT-2023-2283 · 3Cx · 3Cx Desktopapp +2
Name of the Vulnerable Software and Affected Versions: 3CX DesktopApp versions 18.11.1213 through 18.12.416 3CX DesktopApp Electron Windows application versions 18.12.407 through 18.12.416 3CX DesktopApp Electron macOS application versions 18.11.1213 through 18.12.416 Description: The 3CX...
CVE-2023-1612 Rebuild list-file sql injection
A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It...
PT-2023-17116 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.2.3 Description: A critical issue has been found in Rebuild, affecting some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely...
CVE-2023-1570
A vulnerability, which was classified as problematic, has been found in syoyo tinydng. Affected by this issue is the function interceptormemcpy of the file tinydngloader.h. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been...
PT-2023-10268 · Flame.Js · Flame.Js
Name of the Vulnerable Software and Affected Versions: flame.js affected versions not specified Description: A vulnerability has been found in flame.js, affecting an unknown part, which leads to cross site scripting. The manipulation can be initiated remotely. Recommendations: Apply a patch named...
SUSE CVE-2022-3621
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfsbmaplookupatlevel of the file fs/nilfs2/inode.c of the component nilfs2. The manipulation leads to null pointer dereference. It is possible to launch the attack remotely. It is...
SUSE CVE-2022-3620
A vulnerability was found in Exim and classified as problematic. This issue affects the function dmarcdnslookup of the file dmarc.c of the component DMARC Handler. The manipulation leads to use after free. The attack may be initiated remotely. The name of the patch is...
SUSE CVE-2022-3646
A vulnerability, which was classified as problematic, has been found in Linux Kernel. This issue affects the function nilfsattachlogwriter of the file fs/nilfs2/segment.c of the component BPF. The manipulation leads to memory leak. The attack may be initiated remotely. It is recommended to apply ...
PT-2023-8556 · Sourcecodester · Sourcecodester Medical Certificate Generator App
Name of the Vulnerable Software and Affected Versions: SourceCodester Medical Certificate Generator App version 1.0 Description: The issue is related to a lack of protection against SQL query structure exploitation in the action.php script of the Medical Certificate Generator App. This allows a...
edra.com Cross Site Scripting vulnerability OBB-3182270
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2013-10018 fanzila WebFinance save_contact.php sql injection
A vulnerability was found in fanzila WebFinance 0.5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file htdocs/prospection/savecontact.php. The manipulation of the argument nom/prenom/email/tel/mobile/client/fonction/note leads to sql injectio...
PT-2023-18808 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter under "/front/person/profile.html". Recommendations: For...
PT-2023-15479 · Popojicms · Popojicms
Name of the Vulnerable Software and Affected Versions: PopojiCMS version 2.0.1 Description: The issue concerns a file upload vulnerability in the backend plugin function. Recommendations: For PopojiCMS version 2.0.1, consider disabling the file upload functionality in the backend plugin as a...
PT-2023-10001 · Clan7Ups · Clan7Ups
Name of the Vulnerable Software and Affected Versions: antonbolling clan7ups affected versions not specified Description: A critical issue was found in the Login/Session component, leading to sql injection. The estimated number of potentially affected devices worldwide is not available. There is ...
CVE-2016-15019 tombh jekbox server.rb exposure of information through directory listing
A vulnerability was found in tombh jekbox. It has been rated as problematic. This issue affects some unknown processing of the file lib/server.rb. The manipulation leads to exposure of information through directory listing. The attack may be initiated remotely. The patch is named...
PT-2023-10146 · Unknown · Noxxienl Criminals
Name of the Vulnerable Software and Affected Versions: NoxxieNl Criminals affected versions not specified Description: A critical issue was found in NoxxieNl Criminals, affecting an unknown function of the file ingame/roulette.php. The manipulation of the gambleMoney argument leads to sql...