GHSA-X628-457G-2PW9 Admidio has IDOR in `documents-files.php` `mode=move_save` that lets any folder-uploader exfiltrate files from private folders
Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight` on the URL parameter `folder_uuid`. The `move_save` handler then operates on a separate URL parameter `file_uuid` and calls `File::moveToFolder($destFolderUUID)`. `File::moveToFolder` checks the upload...
PT-2026-45040
Summary: `modules/documents-files.php` mode file rename save shares the same root-cause shape as the cross-folder move bug (05-documents-cross-folder-move-idor.md): the top-level rights check at lines 79-89 validates `hasUploadRight` on the URL parameter `folder_uuid`, but the rename operation acts on fil...
SUSE-SU-2025:20919-1 Security update for kernel-livepatch-MICRO-6-0-RT_Update_11
This update for kernel-livepatch-MICRO-6-0-RT_Update_11 fixes the following issues:
- CVE-2025-38566: sunrpc: fix handling of server side tls alerts (bsc#1248376)
- CVE-2025-38499: clone_private_mnt: make sure that caller has CAP_SYS_ADMIN in the right userns (bsc#1248673)
- CVE-2025-38678: netfilter:...
EUVD-2019-17689
Malware in sbrugna...
EUVD-2023-39923
Malicious code in bioql PyPI...
EUVD-2023-38209
Malicious code in bioql PyPI...
EUVD-2023-38210
Malicious code in bioql PyPI...
CVE-2025-32971
XWiki is a generic wiki platform. In versions starting from 4.5.1 to before 15.10.13, from 16.0.0-rc-1 to before 16.4.4, and from 16.5.0-rc-1 to before 16.8.0-rc-1, the Solr script service doesn't take dropped programming rights into account. The Solr script service that is accessible in XWiki's...
CVE-2024-21648
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection: a user can roll back to a previous version of the page to regain rights they no longer have. The problem has been patched in XWiki 14.10.17,...
PT-2024-34392 · Teampass · Teampass
Name of the Vulnerable Software and Affected Versions: TeamPass versions prior to 3.1.3.1
Description: The issue arises when retrieving information about access rights for a folder. TeamPass does not properly check whether a folder is in a user's allowed folders list that has been defined by an...
CVE-2024-50701
Summary : CVE-2024-50701 affects TeamPass prior to 3.1.3.1. The vulnerability arises when retrieving folder access rights, where the system does not properly verify whether a folder belongs to the user’s admin-defined allowed folders list. Affected software : nilsteampassnet/teampass (TeamPass) p...
UBUNTU-CVE-2023-35940
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.8, an incorrect rights check on a file allows an unauthenticated user to be able to access dashboards data. Version 10.0.8 contains a patch for this issue...
Design/Logic Flaw
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, allowing access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue...
UBUNTU-CVE-2023-34107
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, allowing access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue...
CVE-2023-34107 GLPI vulnerable to unauthorized access to KnowbaseItem data
GLPI is a free asset and IT management software package. Versions of the software starting with 9.2.0 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user, allowing access to view all KnowbaseItems. Version 10.0.8 has a patch for this issue...
Design/Logic Flaw
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...
UBUNTU-CVE-2023-34106
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...
CVE-2023-34106 GLPI vulnerable to unauthorized access to User data
GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a file accessible by an authenticated user. This allows access to the list of all users and their personal information. Users should...
PT-2023-24678 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.2.0 through 10.0.7
Description: The issue is related to an incorrect rights check on a file accessible by an authenticated user, allowing access to view all KnowbaseItems.
Recommendations: For versions 9.2.0 through 10.0.7,...
PT-2023-3797 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.7
Description: The issue is related to an incorrect rights check on a file in GLPI, a free asset and IT management software package. This allows an unauthenticated user to access dashboards data. The problem i...