DefectDojo Authorization Issue Vulnerability
DefectDojo is an application security and vulnerability management tool developed by DefectDojo. Versions of DefectDojo 2.55.4 and earlier contained a vulnerability related to authorization. This vulnerability stemmed from unknown functions within the Benchmark/Engagement/Product/Survey component...
PT-2024-30039 · Unknown · Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version 2.0. Description: A Cross-Site Request Forgery (CSRF) issue in the edit product.php component allows attackers to escalate privileges. Recommendations: For Warehouse Inventory System version 2.0, consider...
PT-2024-30046 · Unknown · Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version 2.0. Description: A Cross-Site Request Forgery (CSRF) issue in the delete product.php component allows attackers to escalate privileges. Recommendations: For Warehouse Inventory System version 2.0, consider...
VMware vRealize Operations Manager SSRF and File Read Vulnerabilities (CVE-2021-21975, CVE-2021-21983)
Description: On March 30, 2021, VMware published a security advisory for CVE-2021-21975 and CVE-2021-21983, two chainable vulnerabilities in its vRealize Operations Manager product. CVE-2021-21975 is an unauthenticated server-side request forgery (SSRF), while CVE-2021-21983 is an authenticated...
Joomla com_virtuemart plugin 'id' parameter SQL injection vulnerability
Joomla is an open source content management system (CMS). A SQL injection vulnerability exists in the mainproduct parameter of the Joomla comproduct component. An attacker can exploit the vulnerability to access or modify database data...