Quest KACE Systems Management Appliance Security Feature Issue Vulnerability
The Quest KACE Systems Management Appliance Quest KACE SMA is an automated and simplified IT systems management platform from Quest Corporation. A security vulnerability exists in the Quest KACE Systems Management Appliance SMA version 12.0 and prior versions, which stems from a predictable token...
Full Read Server-Side Request Forgery (SSRF)
Description: In the recipe edit page, it is possible to upload an image directly or via a URL provided by the user. The function that handles the fetching and saving of the image via the URL doesn't perform any URL verification, which allows it to fetch internal services. Furthermore, after the resour...
CVE-2022-24406
OX App Suite through 7.10.6 allows SSRF because multipart/form-data boundaries are predictable, and this can lead to injection into internal Documentconverter API calls...
Spryker Commerce OS Remote Command Execution Vulnerability
Spryker Commerce OS with spryker/http module versions prior to 1.7.0 suffer from a remote command execution vulnerability due to a predictable value in use. Title ===== SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE referenc...
Spryker Commerce OS Remote Command Execution
Title ===== SCHUTZWERK-SA-2022-003: Remote Command Execution in Spryker Commerce OS Status ====== PUBLISHED Version ======= 1.0 CVE reference ============= CVE-2022-28888 Link ==== https://www.schutzwerk.com/en/43/advisories/schutzwerk-sa-2022-003/ Text-only version:...
GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgable. Patches Users should upgrade to version 5.0 immediately Workarounds None...
SUSE-SU-2022:2336-1 Security update for resource-agents
This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in bsc1146691...
SUSE-SU-2022:2335-1 Security update for resource-agents
This update for resource-agents fixes the following issues: - Fixed predictable log file in /tmp in mariadb.in bsc1146691...
CVE-2022-25047
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values...
Design/Logic Flaw
The password reset token in CWP v0.9.8.1126 is generated using known or predictable values...
CWP Panel Security Feature Issue Vulnerability
CWP Panel is a modern and advanced Linux control panel from CWP Inc. for web hosting service providers and system administrators. A security vulnerability exists in CWP Panel version v0.9.8.1126, which stems from a password reset token being generated using known or predictable values...
PT-2022-17063 · Cwp · Cwp
Name of the Vulnerable Software and Affected Versions: CWP version 0.9.8.1126 Description: The password reset token is generated using known or predictable values. Recommendations: For CWP version 0.9.8.1126, consider disabling the password reset feature until a patch is available to prevent...
Cross site request forgery (csrf)
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
CVE-2022-35230
An authenticated user can create a link with reflected Javascript code inside it for the graphs page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
CVE-2022-35229
An authenticated user can create a link with reflected Javascript code inside it for the discovery page and send it to other users. The payload can be executed only with a known CSRF token value of the victim, which is changed periodically and is difficult to predict...
Exploit for Use of a One-Way Hash with a Predictable Salt in Redux Gutenberg_Template_Library_&_Redux_Framework
Unauthenticated Sensitive Information Disclosure CVE-2021-38...
PT-2022-7528 · Gnutls +7 · Gnutls +7
Name of the Vulnerable Software and Affected Versions: Samba, affected versions not specified. Description: The issue is related to the function gnutls_rnd in the GnuTLS package used by Samba, which generates insufficiently random values. This can potentially allow an attacker to gain access to...
WordPress Log WP_Mail plugin Information Disclosure Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...