12 matches found

OSV
added 2025/03/20 10:15 a.m. | 6 views

CVE-2024-12871

An XSS vulnerability in infiniflow/ragflow version 0.12.0 allows an attacker to upload a malicious PDF file to the knowledge base. When the file is viewed within Ragflow, the payload is executed in the context of the user's browser. This can lead to session hijacking, data exfiltration, or...

CVSS 5.4 | AI score 6.1
Exploits: 0 | References: 1

RedhatCVE
added 2025/02/05 10:58 a.m. | 9 views

CVE-2024-21006

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic...

CVSS 7.5 | AI score 6.6 | EPSS 0.8743
Exploits: 1 | References: 1

RedhatCVE
added 2025/02/04 11:36 p.m. | 1 view

CVE-2024-48920

PutongOJ is online judging software. Prior to version 2.1.0-beta.1, unprivileged users can escalate privileges by constructing requests. This can lead to unauthorized access, enabling users to perform admin-level operations, potentially compromising sensitive data and system integrity. This probl...

CVSS 9.1 | AI score 6.8 | EPSS 0.00201
Exploits: 0

Tenable Nessus
added 2024/03/12 12:00 a.m. | 41 views

EulerOS 2.0 SP8 : python-urllib3 (EulerOS-SA-2024-1296)

According to the versions of the python-urllib3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs...

CVSS 8.1 | AI score 7 | EPSS 0.0095
Exploits: 0 | References: 4

Vulnrichment
added 2022/12/13 9:26 p.m. | 6 views

CVE-2022-2660

Delta Industrial Automation DIALink versions 1.4.0.0 and prior are vulnerable to the use of a hard-coded cryptographic key which could allow an attacker to decrypt sensitive data and compromise the machine...

CVSS 9.8 | AI score 9.3 | EPSS 0.00227
Exploits: 0 | References: 1

NVD
added 2021/09/14 12:15 p.m. | 9 views

CVE-2021-38150

When an attacker manages to get access to the local memory, or the memory dump of a victim, for example by a social engineering attack, SAP Business Client versions - 7.0, 7.70, will allow him to read extremely sensitive data, such as credentials. This would allow the attacker to compromise the...

CVSS 6.5 | EPSS 0.00128
Exploits: 0 | References: 2

ThreatPost
added 2014/11/10 1:48 p.m. | 5 views

Masque iOS Vulnerability Disclosed

The vulnerability used in the WireLurker attacks has been uncovered and was reported to Apple in July but has yet to be patched, a researcher at FireEye said. Today’s disclosure of the Masque attack, which affects iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta, revealed that Apple mobile devices are...

AI score 1.5
Exploits: 0 | References: 3

NVD
added 2014/10/10 10:55 a.m. | 7 views

CVE-2014-4872

BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configuration information via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService...

CVSS 7.5 | AI score 7.2 | EPSS 0.82177
Exploits: 15 | References: 3

securityvulns
added 2013/05/06 12:00 a.m. | 33 views

[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver

ESNC-2013-004 Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver Please refer to http://www.esnc.de for the original security advisory, updates and additional information. ------------------------------------------------------------------------ 1. Business Impact...

CVSS 6.8 | AI score 7 | EPSS 0.00437
Exploits: 1

securityvulns
added 2010/12/12 12:00 a.m. | 64 views

Cross Site Scripting vulnerability in Diferior

Vulnerability ID: HTB22722 Reference: http://www.htbridge.ch/advisory/crosssitescriptingvulnerabilityindiferior.html Product: Diferior Vendor: Povilas Musteikis http://www.diferior.com/ Vulnerable Version: 8.03 and probably prior versions Vendor Notification: 25 November 2010 Vulnerability Type:...

AI score 0.2
Exploits: 0

myhack58
added 2010/12/04 12:00 a.m. | 11 views

Etomite 1.1 SQL, XSS, and file include vulnerabilities and fixes - vulnerability warning - the black bar safety net

Because of a vulnerability in the "/index.php" script, the user-supplied search variable is not filtered before use. An attacker can alter the application's SQL query to the database, execute arbitrary queries against the database, compromise the application, access or modify sensitive data, or use ...

AI score 0.6
Exploits: 0

OpenVAS
added 2009/03/20 12:00 a.m. | 55 views

FacilCMS <= 0.1RC2 Multiple Vulnerabilities - Active Check

FacilCMS is prone to multiple SQL injection (SQLi) and information disclosure vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

AI score 8
Exploits: 0 | References: 1