242 matches found
CVE-2024-27915 Sulu grants access to pages regardless of role permissions
Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...
CVE-2024-27915 Sulu grants access to pages regardless of role permissions
Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The...
Sulu grants access to pages regardless of role permissions
Impact What kind of vulnerability is it? Who is impacted? Access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. Patches Has the problem been patched? What versions...
CVE-2021-31314
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...
CVE-2021-31314
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...
CVE-2021-31314
The CVE-2021-31314 entry concerns ejinshan v8+ terminal security system and is a file upload vulnerability that allows an attacker to upload arbitrary files to arbitrary locations on the server. The NVD/Red Hat/CNNVD entries corroborate an unrestricted file upload issue affecting ejinshan v8+; th...
CVE-2021-31314
File upload vulnerability in ejinshan v8+ terminal security system allows attackers to upload arbitrary files to arbitrary locations on the server...
Arbitrary File Read Vulnerability in Electronic Document Security Management System of Beijing Yisetong Technology Development Co., Ltd (CNVD-2024-08160)
Electronic document security management system is a controllable authorization of electronic document security sharing management system, using real-time dynamic encryption and decryption protection technology and real-time rights recovery mechanism, to provide all kinds of electronic documents...
Command Execution Vulnerability in Isthmus Electronic Document Security Management System (CNVD-2024-03256)
Beijing Yisaitong Science and Technology Development Co., Ltd. is an enterprise mainly engaged in science and technology promotion and application service industry. A command execution vulnerability exists in the Yisetong Electronic Document Security Management System, which can be exploited by a...
Okta: Breach Affected All Customer Support Users
When KrebsOnSecurity broke the news on Oct. 20, 2023 that identity and authentication giant Okta had suffered a breach in its customer support department, Okta said the intrusion allowed hackers to steal sensitive data from fewer than one percent of its 18,000+ customers. But today, Okta revised...
What is a Cloud Native Application Protection Platform CNAPP ?
Revealing the Secrets of the Cloud-specific Application Safety Platform CSASP In the landscape of online safety, the notion of the Cloud-specific Application Safety Platform CSASP is something relatively unheard of, but rapidly gaining popularity. Intuitively from its name, CSASP is a system...
CVE-2023-39842
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
Design/Logic Flaw
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
CVE-2023-39842
CVE-2023-39842 concerns the Digoo DG-HAMB Smart Home Security System (v1.0) where the RFID tag lacks encryption, enabling an attacker to clone a tag with only brief physical proximity to the device. The NVD entry records a CVSSv3.1 base score of 2.4 (LOW) with AV:P, AC:L, PR:N, UI:N, S:U, C:N, I:...
CVE-2023-39842
Missing encryption in the RFID tag of Digoo DG-HAMB Smart Home Security System v1.0 allows attackers to create a cloned tag via brief physical proximity to the original device...
CVE-2023-39551
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php...
Sulu Observable Response Discrepancy on Admin Login
Impact It allows over the Admin Login form to detect which user username, email exists and which one do not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References Currently no references...
GHSA-WMWF-49VV-P3MR Sulu Observable Response Discrepancy on Admin Login
Impact It allows over the Admin Login form to detect which user username, email exists and which one do not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References Currently no references...
Observable Response Discrepancy on Admin Login
Impact It allows over the Admin Login form to detect which user username, email exists and which one do not exist. Impacted by this issue are Sulu installation = 2.5.0 and getMessage; instead the $exception-getMessageKey; References Currently no references...
CVE-2022-20565
Removed by vendor...