7877 matches found

CNNVD
added 2022/06/02 12:0 a.m., 4 views

Schneider Electric PowerLogic ION Setup security vulnerability

Schneider Electric PowerLogic ION Setup is a free, user-friendly configuration tool from Schneider Electric France. It provides an intuitive environment for setting up and verifying the settings of PowerLogic meters and other devices. A security vulnerability exists in Schneider Electric that ste...

CVSS 9.8, AI score 8.2, EPSS 0.00928
Exploits 0, References 2

CNNVD
added 2022/06/02 12:0 a.m., 4 views

Schneider Electric PowerLogic ION Setup trust management issue vulnerability

Schneider Electric PowerLogic ION Setup is a free, user-friendly configuration tool from Schneider Electric France. It provides an intuitive environment for setting up and verifying the settings of PowerLogic meters and other devices. Schneider Electric is vulnerable to a trust management issue...

CVSS 10, AI score 8.7, EPSS 0.01063
Exploits 0, References 2

CNNVD
added 2022/06/02 12:0 a.m., 4 views

Schneider Electric PowerLogic ION Setup input validation error vulnerability

Schneider Electric PowerLogic ION Setup is a free, user-friendly configuration tool from Schneider Electric France. It provides an intuitive environment for setting up and verifying the settings of PowerLogic meters and other devices. An input validation error vulnerability exists in Schneider...

CVSS 6.5, AI score 6.5, EPSS 0.00672
Exploits 0, References 2

Oracle linux
added 2022/06/01 12:0 a.m., 36 views

postgresql:10 security update

10.21-2 - Resolves: CVE-2022-1552 - Release bump due to wrongly reported CVE of libpq Build after reverted changes in libpq package 10.21-1 - Resolves: CVE-2022-1552 - Update to 10.21 - Release notes: https://www.postgresql.org/docs/release/10.21/ 10.19-2 - Add missing files into file section of...

CVSS 8.8, AI score 9.2, EPSS 0.11726
Exploits 0

WPVulnDB
added 2022/05/30 12:0 a.m., 20 views

Google XML Sitemaps < 4.1.3 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape a setting before outputting it in the Debug page, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: Put the following payload in the "Try ...

CVSS 4.8, EPSS 0.00552
Exploits 2, Affected Software 1

Github Security Blog
added 2022/05/24 10:0 p.m., 27 views

phpMyAdmin Cross-Site Request Forgery (CSRF)

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...

CVSS 6.5, AI score 7.1, EPSS 0.10182
Exploits 5, References 12, Affected Software 1

OSV
added 2022/05/24 10:0 p.m., 22 views

GHSA-4C9Q-64GQ-XHX4 phpMyAdmin Cross-Site Request Forgery (CSRF)

A CSRF issue in phpMyAdmin 4.9.0.1 allows deletion of any server in the Setup page...

CVSS 6.5, AI score 6.6, EPSS 0.10182
Exploits 5, References 11

Snyk
added 2022/05/24 7:2 p.m., 2 views

Access Control Bypass

Overview: Affected versions of this package are vulnerable to Access Control Bypass in the MFAUserAccountSetupMVCActionCommand class that allows an authenticated user to deny service to another user by enabling the Time-based One-time Password (TOTP) feature for their account, or by modifying the...

CVSS 7.1, AI score 7, EPSS 0.01148
Exploits 0, References 2

OSV
added 2022/05/24 5:11 p.m., 19 views

GHSA-22C6-3H88-26M3 Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp serverURL parameter. This issue was fixed in version 4.4.2...

CVSS 6.1, AI score 5.9, EPSS 0.00906
Exploits 1, References 2

Github Security Blog
added 2022/05/24 5:11 p.m., 27 views

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp driver parameter. This issue was fixed in version 4.4.2...

CVSS 6.1, AI score 4.4, EPSS 0.00906
Exploits 1, References 3, Affected Software 1

Github Security Blog
added 2022/05/24 5:11 p.m., 19 views

Ignite Realtime Openfire allows Cross-site Scripting

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter. This issue was fixed in version 4.4.2...

CVSS 6.1, AI score 4.4, EPSS 0.00906
Exploits 1, References 3, Affected Software 1

Github Security Blog
added 2022/05/24 5:5 p.m., 52 views

keycloak vulnerable to unauthorized login via mail server setup

A flaw was found in Keycloak before version 8.0.0. The owner of the 'placeholder.org' domain can set up a mail server on this domain and, knowing only the name of a client, can reset the password and then log in. For example, for client name 'test' the email address will be '[email protected]'...

CVSS 9.1, AI score 3.9, EPSS 0.01718
Exploits 1, References 5, Affected Software 1

Github Security Blog
added 2022/05/24 4:58 p.m., 21 views

Dolibarr Cross-site Scripting via outgoing email setup feature

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to instead of real recipients, for test purposes" field...

CVSS 5.4, AI score 5.9, EPSS 0.00817
Exploits 1, References 3, Affected Software 1

Github Security Blog
added 2022/05/24 4:58 p.m., 10 views

Dolibarr Cross-site Scripting via outgoing email setup feature

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...

CVSS 5.4, AI score 5.9, EPSS 0.00817
Exploits 1, References 3, Affected Software 1

OSV
added 2022/05/24 4:58 p.m., 23 views

GHSA-R4GF-GGP5-25G5 Dolibarr Cross-site Scripting via outgoing email setup feature

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Email used for error returns emails fields 'Errors-To' in emails sent" field...

CVSS 5.4, AI score 5.2, EPSS 0.00817
Exploits 2, References 3

OSV
added 2022/05/24 4:58 p.m., 12 views

GHSA-RR5G-RC28-WXWJ Dolibarr Cross-site Scripting via outgoing email setup feature

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the /admin/mails.php?action=edit URI via the "Send all emails to instead of real recipients, for test purposes" field...

CVSS 5.4, AI score 5.2, EPSS 0.00817
Exploits 1, References 3

OSV
added 2022/05/24 4:58 p.m., 9 views

GHSA-9P7Q-V9GP-FRQ4 Dolibarr Cross-site Scripting vulnerability

An issue was discovered in Dolibarr 10.0.2. It has XSS via the "outgoing email setup" feature in the admin/mails.php?action=edit URI via the "Sender email for automatic emails default value in php.ini: Undefined" field...

CVSS 5.4, AI score 5.3, EPSS 0.00817
Exploits 1, References 3

Kitploit
added 2022/05/19 12:30 p.m., 54 views

PowerProxy - PowerShell SOCKS Proxy With Reverse Proxy Capabilities

PowerShell SOCKS proxy with reverse proxy capabilities. PowerProxy is written with penetration testers in mind. Reverse proxy functionality is a priority, for traversing networks that block inbound connections. Reverse proxy connections are encrypted by default. Username/Password authentication i...

AI score 7.3
Exploits 0, References 1

Rockylinux
added 2022/05/17 8:15 a.m., 11 views

new packages: setup

An update is available for setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Enterprise...

AI score 1.7
Exploits 0

Rockylinux
added 2022/05/17 6:48 a.m., 10 views

new packages: initial-setup

An update is available for initial-setup. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky...

AI score 2.2
Exploits 0