18 matches found
Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
Summary Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardles...
GHSA-7FH7-8XQM-3G88 Admidio allows Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
Summary Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently ignore all .htaccess files. As a result, any file uploaded to the documents module regardles...
CVE-2026-34381 Admidio: Unauthenticated Access to Role-Restricted documents via neutralized .htaccess
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, Admidio relies on admmyfiles/.htaccess to deny direct HTTP access to uploaded documents. The Docker image ships with AllowOverride None in the Apache configuration, which causes Apache to silently igno...
CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
Information Disclosure
org.elasticsearch.plugin: x-pack-security is vulnerable to Information Disclosure. The vulnerability arises from the failure to enforce search restrictions during cross-cluster searches when an API key grants both search and replication rights to an index, which allows an attacker to access...
CVE-2023-6376
Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents...
Design/Logic Flaw
Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents...
Henschen & Associates court document management software Security Feature Issue Vulnerability
Henschen & Associates court document management software is a court document management software from Henschen & Associates. A security vulnerability exists in Henschen & Associates court document management software, which arises from insufficient randomization of the filenames of cached...
SUSE CVE-2018-5157
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...
CVE-2022-41263
Due to a missing authentication check, SAP Business Objects Business Intelligence Platform Web Intelligence - versions 420, 430, allows an authenticated non-administrator attacker to modify the data source information for a document that is otherwise restricted. On successful exploitation, the...
SAP Business Objects Business Intelligence Platform Cross-Site Request Forgery Vulnerability
SAP Business Objects Business Intelligence Platform is a suite of business intelligence software and enterprise performance solutions from SAP, Germany. The product features report generation, analytics, and data visualization. A cross-site request forgery vulnerability exists in SAP Business...
PT-2022-24674 · Pdftron Systems +1 · Pdftron +1
Name of the Vulnerable Software and Affected Versions: M-Files Hubshare versions prior to 3.3.11.3 Description: The issue concerns broken access controls on PDFtron data, allowing unauthenticated attackers to access restricted PDF files via a known URL. Recommendations: For versions prior to...
PT-2020-19345 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch versions prior to 6.8.13 Elasticsearch versions prior to 7.9.2 Description: The issue is related to a document disclosure flaw when Document or Field Level Security is used in Elasticsearch. Search queries do not properly preser...
Mozilla Firefox Same Origin Protection Bypass Vulnerability
Mozilla Firefox is a free, open-source browser for Windows, Linux and Mac OS X platforms. A PDF viewer same-origin protection bypass vulnerability exists in Mozilla Firefox. A remote attacker can exploit this vulnerability to bypass the PDF viewer's same-origin restriction and view...
UBUNTU-CVE-2018-5157
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR 52.8 an...
PT-2018-9753 · Flexpaper +1 · Flexpaperviewer +1
Name of the Vulnerable Software and Affected Versions: Vaultize Enterprise File Sharing version 17.05.31 Description: An issue was discovered where an attacker can exploit missing authorization on the FlexPaperViewer SWF reader. This allows the attacker to export files that should have been...
OpenDocMan 1.2.6.2 SQL Injection / Access Bypass
1 - Unprotected id parameter ----------------------------- In check-in.php the id variable is not filtered so that one can put in additional SQL statements. I have been able to get a UNION SELECT query to run but I do not think it's exploitable because there is a second query that runs with the i...
Hole in SiteMinder
Using a specially crafted URL, it is possible to gain access to restricted documents; in addition, it is possible to obtain the source code of CGI applications...