PT-2023-31146 · Microsoft · Asp.Net
Name of the Vulnerable Software and Affected Versions: Umbraco versions 7.0.0 through 7.15.10 Umbraco versions 8.0.0 through 8.18.8 Umbraco versions 10.0.0 through 10.6.9 Umbraco versions 11.0.0 through 11.4.9 Umbraco versions 12.0.0 through 12.1.9 Description: Umbraco is an ASP.NET content...
PT-2023-8658 · Atlassian · Jira
Name of the Vulnerable Software and Affected Versions: Better PDF Exporter for Jira Server and Jira Data Center versions 10.3.0 and before Description: The issue is related to insufficient server-side request validation in the Better PDF Exporter plugin for Atlassian Jira Server and Data Center...
Code injection
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by Administrators to allow a device to be temporarily disconnected from WARP; however, due to a lack of server-side validation, an attacker with local access...
CVE-2023-3747 Insufficient Validation on Override Codes for Always-Enabled WARP Mode
Zero Trust Administrators have the ability to disallow end users from disabling WARP on their devices. Override codes can also be created by Administrators to allow a device to be temporarily disconnected from WARP; however, due to a lack of server-side validation, an attacker with local access...
PT-2023-25982 · Cloudflare · Cloudflare Warp
Name of the Vulnerable Software and Affected Versions: Cloudflare WARP affected versions not specified Description: The issue allows an attacker with local access to a device to extend the maximum allowed disconnected time of the WARP client granted by an override code. This is possible due to a...
Cloudflare Public Bug Bounty: Accessing apps protected via ZT's Access when user account is deleted/disabled even after clearing user session/seat
Server-side validation checks were implemented after access to SaaS apps protected via ZT's Access could be gained when a user account was deleted or disabled by preserving metadata of the Access JWT and using another active user account within the same organization, despite lacking proper...
Siemens RUGGEDCOM ROX Command Injection Vulnerability (CNVD-2023-60610)
RUGGEDCOM products offer a degree of robustness and reliability that sets the standard for communication networks deployed in harsh environments. A command injection vulnerability exists in the Siemens RUGGEDCOM ROX, which stems from a lack of server-side input validation, making the install-app...
Cloudflare Public Bug Bounty: Ability to bypass Admin override on Cloudflare WARP Android
A security vulnerability allowed an attacker with local access to an Android device running Cloudflare WARP to bypass the Admin override feature by changing the device's date and time settings. This allowed the attacker to extend the maximum allowed disconnected time of the WARP client granted by...
The vulnerability in the Magento Commerce software platform for developing and managing online stores stems from insufficient server-side validation of incoming requests. This allows attackers to execute SSRF attacks.
The vulnerability in Magento Commerce, a software platform for developing and managing online stores, is related to insufficient server-side validation of incoming requests. Exploiting this vulnerability allows a malicious actor to execute an SSRF attack remotely...
PT-2023-3415 · Unknown · Libreoffice
Name of the Vulnerable Software and Affected Versions: LibreOffice affected versions not specified Description: The issue is related to insufficient server-side validation of requests, allowing attackers to access the file system using specially crafted ODT documents. This could enable the...
CVE-2023-34452
Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...
Cross site scripting
Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...
CVE-2023-34452 Grav vulnerable to Self Cross Site Scripting in /forgot_password
Grav is a flat-file content management system. In versions 1.7.42 and prior, the "/forgotpassword" page has a self-reflected cross-site scripting vulnerability that can be exploited by injecting a script into the "email" parameter of the request. While this vulnerability can potentially allow an...
CVE-2023-31923
Suprema BioStar 2 before 2022 Q4, v2.9.1 has Insecure Permissions. A vulnerability in the web application allows an authenticated attacker with "User Operator" privileges to create a highly privileged user account. The vulnerability is caused by missing server-side validation, which can be...
CVE-2023-31923
Affected software: Suprema BioStar 2 (before 2022 Q4, v2.9.1). Vulnerability: Web application allows an authenticated user with "User Operator" privileges to create a highly privileged user account due to missing server-side validation. Impact: Potential full administrator privileges on the syste...