126 matches found
Cups Easy cross-site scripting vulnerability (CNVD-2024-11129)
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the countryid parameter on the /cupseasylive/countrymodify.php page. An attacker could...
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the description parameter on the /cupseasylive/itemlist.php page. An attacker could use...
Cups Easy 跨站脚本漏洞
Cups Easy is a PHP-based purchasing and inventory software that may become a full-fledged ERP in the future. Cups Easy suffers from a cross-site scripting vulnerability that stems from insufficient escaping of the stateid parameter on the /cupseasylive/statecreate.php page. An attacker could use...
responsiblepurchasing.org Cross Site Scripting vulnerability OBB-3482843
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
american-purchasing.com Cross Site Scripting vulnerability OBB-3128335
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
September 13, 2022—KB5017373 (Security-only update)
September 13, 2022—KB5017373 Security-only update Summary Learn more about this security-only update, including improvements, any known issues, and how to get the update. IMPORTANT Windows 7, Windows Server 2008 R2, Windows Embedded Standard 7, and Windows Embedded POS Ready 7 have reached the en...
Malicious Package
Overview en-conduit-plugin-in-app-purchasing is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerab...
Platform Update: Build the Future on Akamai
Today, technology is infused into nearly everything we do. The data behind personalized recommendations, connected devices, and wearables has changed how we engage with the world around us — whether we’re driving to a new destination, purchasing from a new retailer, or monitoring our health...
Malicious user can DOS lock by falsely reaching maxNumberOfKeys using shareKey
Handle kenzo Vulnerability details A malicious user can call shareKey repeatedly, transferring miniscule amounts of his key to different accounts, thereby minting new keys until maxNumberOfKeys is reached. Impact Malicious user can grief and make lock purchasing become disabled. Proof of Concept ...
CVE-2021-41191
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...
CVE-2021-41191
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...
Code injection
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...
CVE-2021-41191 API giving out files without key
Roblox-Purchasing-Hub is an open source Roblox product purchasing hub. A security risk in versions 1.0.1 and prior allowed people who have someone's API URL to get product files without an API key. This issue is fixed in version 1.0.2. As a workaround, add @requireapikey in BOT/lib/cogs/website.p...
CVE-2021-41191
Summary of CVE-2021-41191 Roblox-Purchasing-Hub (open-source) had a vulnerability in versions 1.0.1 and earlier allowing someone who has another user’s API URL to obtain product files without an API key. The issue has been fixed in version 1.0.2. A workaround mentioned in the sources is to add an...
Roblox-Purchasing-Hub 安全漏洞
Roblox-Purchasing-Hub is a Roblox product purchasing center. A security vulnerability exists in Roblox-Purchasing-Hub that stems from a security risk in Roblox-Purchasing-Hub version 1.0.1 and earlier versions that allows someone with someone's API URL to obtain product files without an API key...
Vulnerabilities fixed in Oracle Peoplesoft products
Oracle has fixed vulnerabilities in the following PeopleSoft products: PeopleSoft Enterprise PT PeopleTools PeopleSoft Enterprise CS SA Integration Pack PeopleSoft Enterprise SCM Purchasing PeopleSoft Enterprise CS Academic Advisement PeopleSoft Enterprise CS Student Records. PeopleSoft Enterpris...
The vulnerability of the Endeca sub-component of the Oracle Purchasing component of the Oracle E-Business Suite allows a perpetrator to gain unauthorized access to the device.
The vulnerability of the Endeca sub-component of the Oracle Purchasing component of the Oracle E-Business Suite is related to errors in the code. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to the device through HTTP requests...
CVE-2021-2262
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...
CVE-2021-2262
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...
Design/Logic Flaw
Vulnerability in the Oracle Purchasing product of Oracle E-Business Suite component: Endeca. The supported version that is affected is 12.1.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Purchasing. Successful attacks of this...