14 matches found
EUVD-2014-0049
Malware in sbrugna...
PYSEC-2025-178
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...
PYSEC-2025-178
OpenCTI is an open-source cyber threat intelligence platform. In versions starting from 6.4.8 to before 6.4.10, the allow/deny lists can be bypassed, allowing a user to change attributes that are intended to be unmodifiable by the user. It is possible to toggle the external flag on/off and change...
Improper Attribute Access
twig/twig is vulnerable to improper attribute access. The vulnerability is due to insufficient security checks via the property policy and the isset method on Array-like objects, allowing attackers to bypass the sandbox's security policy and access restricted attributes...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an underflow issue when writing restricted attributes...
GHSA-879R-7F3W-8JJ3 Plone and Zope2 vulnerable to unauthorized access to restricted attributes
The App.Undo.UndoSupport.getrequestvarorattr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...
Plone and Zope2 vulnerable to unauthorized access to restricted attributes
The App.Undo.UndoSupport.getrequestvarorattr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...
Management: Limited RBAC authorization bypass
It was discovered that the Role Based Access Control (RBAC) implementation did not sufficiently verify all authorization conditions that are required by the Maintainer role to perform certain administrative actions. An authenticated user with the Maintainer role could use this flaw to add, modify, ...
Red Hat JBoss Enterprise Application Platform Role Based Access Control Component Security Bypass Vulnerability
Red Hat JBoss Enterprise Application Platform is an open source, J2EE-based middleware platform for building, deploying, and hosting Java applications and services. JBoss Application Server (AS), also known as WildFly, is an open source JavaEE-based application server; the JacORB subsystem is a...
CVE-2014-7849
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer...
CVE-2012-5489
The App.Undo.UndoSupport.getrequestvarorattr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...
PYSEC-2014-74
The App.Undo.UndoSupport.getrequestvarorattr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...
PYSEC-2014-31
The App.Undo.UndoSupport.getrequestvarorattr function in Zope before 2.12.21 and 3.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...
PYSEC-2014-74
The App.Undo.UndoSupport.getrequestvarorattr function in Zope before 2.12.21 and 2.13.x before 2.13.11, as used in Plone before 4.2.3 and 4.3 before beta 1, allows remote authenticated users to gain access to restricted attributes via unspecified vectors...