10 matches found
Adobe Commerce Access Control Error Vulnerability
Adobe Commerce is the United States of America Odobie Adobe company's a business and brand-oriented global leader in digital commerce solutions. An Access Control Error vulnerability exists in Adobe Commerce that stems from improper access control and can be exploited by an attacker to bypass...
The vulnerability of Fortinet FortiOS operating systems stems from authentication mechanism flaws, which allow attackers to gain access to device configuration details and bypass existing security measures.
The vulnerability of Fortinet FortiOS operating systems is related to deficiencies in authentication mechanisms. Exploiting this vulnerability allows a malicious actor to gain access to device configuration information and bypass existing security measures...
XML External Entity (XXE)
phpoffice/phpspreadsheet is vulnerable to XML External Entity XXE. The vulnerability is due to a flawed XML encoding check in the toUtf8 function of the security scanner, allows crafted XML structures with whitespace to bypass the security measures intended to prevent XXE attacks...
CVE-2024-39419 A user without ship permissions can ship the orders
Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and modify minor information...
Rocky Linux 8 : sqlite (RLSA-2021:4396)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4396 advisory. - Insufficient data validation in SQLite in Google Chrome prior to 79.0.3945.79 allowed a remote attacker to bypass defense-in-depth measures via a...
Vulnerabilities fixed in F5 products
Vulnerabilities have been fixed in products from F5, including BIG-IP and Traffix SDC. The vulnerabilities allow a malicious able to launch attacks that result in the following categories of damage: Cross-Site Request Forgery XSRF. Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of...
FLASH zero-day Vulnerability CVE-2018-5002 in the Middle East directed network attacks exploit-vulnerability warning-the black bar safety net
! Recently, ICEBRG security research team SRT identified Adobe Flash 0 day Vulnerability CVE-2018-5002-directional network attack behavior, the 0-day vulnerability is an attacker for the Middle East region, important individuals and organizations of network penetration. An attacker use the...
Cross site request forgery (csrf)
Umbraco before 7.4.0 allows remote attackers to bypass anti-forgery security measures and conduct cross-site request forgery CSRF attacks as demonstrated by editing user account information in the templates.asmx.cs file...
Tech-ex Ksion CMS through the kill vulnerability-vulnerability warning-the black bar safety net
Author :seraph Through the kill version :v6 all previous versions Vulnerability file :user/UpFileSave. asp Through their own configuration parameters AutoReName=3, can be uploaded file name to save as, by truncation can be obtained directly SHELL Limited, the background to the prohibition of the...
Debian Security Advisory DSA 089-1 (icecast-server)
The remote host is missing an update to icecast-server announced via advisory DSA 089-1. OpenVAS Vulnerability Test $Id: deb0891.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 089-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...