257 matches found
CVE-2009-5041
overkill has buffer overflow via long player names that can corrupt data on the server machine...
CVE-2024-51445
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...
CVE-2024-51445
A vulnerability has been identified in Polarion V2310 All versions, Polarion V2404 All versions V2404.4. The affected application contains a XML External Entity Injection XXE vulnerability in the docx import feature. This could allow an authenticated remote attacker to read arbitrary data from th...
Pagure 安全漏洞
Pagure is a Pagure open source Git repository written in Python that provides web services. A security vulnerability exists in the Pagure server that originates from a malicious user committing a specially crafted git repository, which could lead to the disclosure of sensitive information on the...
Important: Red Hat Security Advisory: mod_auth_openidc:2.3 security update
An update for the modauthopenidc:2.3 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Oracle MySQL 安全漏洞
Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A security vulnerability exists in Oracle MySQL Server, which stems from improper handling of the Server: DDL component and can be exploited by an...
graphql-mesh 路径遍历漏洞
graphql-mesh is an application by Arda TANRIKULU Individual Developer. A path traversal vulnerability exists in graphql-mesh, which stems from a lack of checks in the static file handler that could lead to arbitrary file reads and leak server data...
CVE-2024-12086
A flaw was found in rsync. It could allow a server to enumerate the contents of an arbitrary file from the client's machine. This issue occurs when files are being copied from a client to a server. During this process, the rsync server will send checksums of local data to the client to compare wi...
SAP BusinessObjects Business Intelligence Platform 代码注入漏洞
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP, combining market-leading SAP data integration products, data management products and business intelligence products to eliminate system integration challenges and quickly and easily deploy...
PT-2025-1888 · WordPress · Host Php Info
Name of the Vulnerable Software and Affected Versions: Host PHP Info plugin for WordPress versions up to, and including, 1.0.4 Description: The issue allows unauthorized access to data due to a missing capability check when including the phpinfo function. This makes it possible for unauthenticate...
CVE-2024-9573
SQL injection vulnerability in SOPlanning 1.45, through /soplanning/www/groupelist.php, in the by parameter, which could allow a remote user to send a specially crafted query and extract all the information stored on the server...
CVE-2024-44760
Incorrect access control in the component /servlet/SnoopServlet of Shenzhou News Union Enterprise Management System v5.0 through v18.8 allows attackers to access sensitive information regarding the server...
CVE-2024-22217
A Server-Side Request Forgery SSRF vulnerability in Terminalfour before 8.3.19 allows authenticated users to use specific features to access internal services including sensitive information on the server that Terminalfour runs on...
UBUNTU-CVE-2024-21127
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DDL. Supported versions that are affected are 8.0.37 and prior and 8.4.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...
SAP NetWeaver AS Information Disclosure Vulnerability
SAP NetWeaver AS is an SAP web application server from SAP. It not only provides network services, but also is the basic platform for SAP software. An information disclosure vulnerability exists in SAP NetWeaver AS Java GP-CORE version 7.5, which arises from an unauthenticated user being able to...
The vulnerability of the export plugin for Better PDF Exporter, a data processing center for Atlassian Jira Server and Data Center, allows a hacker to view arbitrary PDF files.
The vulnerability of the Better PDF Exporter plugin for exporting PDF files from Atlassian Jira Server and Data Center lies in insufficient testing of server-side requests. Exploiting this vulnerability could allow attackers to view arbitrary PDF files...
PT-2024-1525 · Oracle +8 · Mysql Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.35 and prior MySQL Server versions 8.2.0 and prior Description: The issue is related to insufficient input validation in the Server: DDL component of Oracle MySQL Server. It allows a high-privileged attacker with...
EFACEC UC 500 Information Disclosure Vulnerability
EFACEC UC 500 is a solution from EFACEC Portugal that provides an integrated and flexible communication gateway, automation platform and HMI solution for utility and industrial applications. The EFACEC UC 500 suffers from an information disclosure vulnerability that originates from the possibilit...
PT-2023-8109 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a lack of protection for service data in the Windows operating system's DHCP server service. This can be exploited by a remote attacker to disclose protected...
CVE-2023-20272
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this...