CVE-2025-10254
Affected software: Ascensio System SIA OnlyOffice up to 12.7.0. Vulnerable component: SVG Image Handler processing of /Products/Projects/Messages.aspx. Root cause: unknown processing leads to cross-site scripting. Impact: cross-site scripting with remote initiation potential; exploit publicly ava...
Developing a Blockchain-Based Secure Digital Contents Distribution System
As digital content distribution expands rapidly through online platforms, securing digital media and protecting intellectual property has become increasingly complex. Traditional centralized systems, while widely adopted, suffer from vulnerabilities such as single points of failure and limited...
CVE-2024-45164
Akamai SIA Secure Internet Access Enterprise ThreatAvert, in SPS Security and Personalization Services before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticat...
sia-safe.com Improper Access Control vulnerability OBB-3810725
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sia-interior.com Improper Access Control vulnerability OBB-3810716
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sia.fr Cross Site Scripting vulnerability OBB-3779273
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Zabbix Sia Zabbix has an unspecified vulnerability (CNVD-2022-11529)
Zabbix is an open source monitoring system from the Latvian company Zabbix SIA. Zabbix 4.0 LTS, 4.2, 4.4 and 5.0 LTS versions are vulnerable due to a lack of filtering and escaping of user-submitted command parameters. Any user with the "Zabbix Administrator" role can run a...
Zabbix Sia Zabbix has an unspecified vulnerability
Zabbix is an open source monitoring system from the Latvian company Zabbix SIA. The system supports network monitoring, server monitoring, cloud monitoring, application monitoring, etc. A security vulnerability exists in Zabbix Frontend, which stems from the fact that wi...
Siaberry 1.2.2 - Command Injection Vulnerability
Exploit for hardware platform in category web applications Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying a...
Siaberry 1.2.2 Command Injection
Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying and selling data storage. The device is intended to give...
Siaberry 1.2.2 - Command Injection
Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying and selling data storage. The device is intended to give...
Siaberry 1.2.2 - Command Injection
Siaberry 1.2.2 - Command Injection Siaberry's Command Injection Vulnerability Today, I’d like to share several interesting vulnerabilities I discovered in Siaberry, a hardware device for earning cryptocurrency. Siaberry runs on Sia, a decentralized marketplace for buying and selling data storage...
Oracle WebCenter (Fatwire) 7.x Cross Site Scripting
Application: Oracle WebCenter Sites FatWire Content Server Versions Affected: 7.x 11gR1 Vendor URL: http://oracle.com Bugs: Multiple XSS Oracle WebCenter Sites FatWire Content Server 7.x 11gR1 Sent: 18.12.2017 Reported: 18.12.2017 Date of Public Advisory: 14.04.2018 Reference: Oracle Security Not...
Murgent CMS - SQL Injection Vulnerability
Document Title: =============== Murgent CMS - SQL Injection Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1646 Release Date: ============= 2015-11-16 Vulnerability Laboratory ID VL-ID: ==================================== 1646 Common...
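ZABBIX <= 1.8.1 DBcondition Function SQL Injection Vulnerability
BUGTRAQ ID: 39148 CVE ID: CVE-2010-0686 Zabbix is a distributed network monitoring system with a client/server architecture. The Zabbix API uses the DBcondition function defined in include/db.inc.php to build the conditions of the WHERE clause in SQL queries. This function performs no additional checks on user-supplied data: function DBcondition($fieldname, &$array, $notin=false, $string=false){ global $DB; $condition = ''; ---cut--- $in = $notin?' NOT IN ':' IN ';...
ZABBIX PHP Frontend Multiple Input Validation Vulnerabilities
BUGTRAQ ID: 33965 Zabbix is a distributed network monitoring system with a client/server architecture. The ZABBIX PHP frontend contains multiple input validation errors; a remote attacker can submit malicious requests to carry out cross-site request forgery attacks, read sensitive information, or fully compromise a vulnerable system. 1. include/validate.inc.php does not properly filter the extlang parameter submitted to the calcexp2 function, which may lead to injection and execution of arbitrary PHP code. 2. Because the validity of user-submitted requests is not checked, a remote attacker can perform unauthorized operations by submitting HTTP requests. 3...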
TIBCO Rendezvous 7.4.11 - add router Remote Buffer Overflow
TIBCO Rendezvous 7.4.11 - add router Remote Buffer Overflow / Exploit: TIBCO RendezVous remote buffer overflow exploit for Win32 public version Affected products: Tibco RendezVous version =7.4.11 Multiple Vulnerabilities Author: Andres Tarasco Acuña atarasco @ sia.es Advisory: http://www.514.es...