Admidio is Missing Authorization on Forum Topic and Post Deletion

Summary The forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topicdelete and postdelete actions in forum.php only validate the CSRF token but perform no authorization check before calling delete. Any authenticated user with...

Django Security Vulnerabilities

Django is a set of open source web application frameworks based on the Python language from the Django Foundation. The framework includes an object-oriented mapper, view system, template system, and more. A security vulnerability exists in Django version 5.0 up to and including 5.0.7, and version...

LabCup 授权问题漏洞

LabCup is a laboratory and research organization software management system from LabCup Ireland. It helps academic researchers and safety officers with chemical inventory management, risk assessment and compliance. An authorization issue vulnerability exists in LabCup, which arises from the abili...

CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

CVE-2011-3591

CVE-2011-3591 describes multiple XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5. An authenticated user can inject arbitrary script/HTML via a crafted row that triggers an improperly constructed confirmation message after inline editing and save operations, related to the files js/functions....

CVE-2011-3591

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin 3.4.x before 3.4.5 allow remote authenticated users to inject arbitrary web script or HTML via a crafted row that triggers an improperly constructed confirmation message after inline-editing and save operations, related to 1...

CVE-2013-2249

modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...

CVE-2013-2249

modsessiondbd.c in the modsessiondbd module in the Apache HTTP Server before 2.4.5 proceeds with save operations for a session without considering the dirty flag and the requirement for a new session ID, which has unspecified impact and remote attack vectors...