openGauss: Configuring the Maximum Logging Duration of An Audit Log File

The parameter auditrotationinterval specifies the maximum logging duration of an audit log file. After the time expires, another audit log file is automatically Created. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright...

openGauss: Enabling the Database Auditing

After a security event occurs, audit logs are used to trace the event, locate faults, and clarify responsibilities. You are advised to set auditenabled to on. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the...

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

CVE-2020-26211

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

Code injection

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

CVE-2020-26211 Cross-Site Scripting in BookStack

In BookStack before version 0.30.4, a user with permissions to edit a page could insert JavaScript code through the use of javascript: URIs within a link or form which would run, within the context of the current page, when clicked or submitted. Additionally, a user with permissions to edit a pag...

Code injection

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

CVE-2020-26210 Cross-Site Scripting in BookStack

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

Loginizer < 1.6.4 - Unauthenticated SQL Injection

The Loginizer WordPress plugin was found to be affected by an Unauthenticated SQL Injection vulnerability found by the security researcher mslavco. The vulnerability was triggered within the brute force protection functionality, which was enabled by default when the plugin was first installed. Wh...

Apache Kylin Information Disclosure Vulnerability

Apache Kylin is an open source distributed analytic data warehouse from the Apache Software Foundation. The product mainly provides Hadoop/Spark on top of the SQL query interface and multi-dimensional analysis OLAP and other functions. Apache Kylin exists an information disclosure vulnerability,...

Apache Calcite Clickjacking Vulnerability

Apache Calcite is a dynamic data management framework that has many of the features of a typical database management system, such as SQL parsing, SQL validation, SQL query optimization, SQL generation, and data connection queries. clickjacking vulnerability exists in versions of Apache Calcite...

EasyPMS 1.0.0 - Authentication Bypass

Exploit Title: EasyPMS 1.0.0 - Authentication Bypass Discovery by: Jok3r Vendor Homepage: https://www.elektraweb.com/en/ Software Link: https://github.com/Travelaps/EasyPMS/releases/ Tested Version: 1.0.0 Vulnerability Type: Authentication Bypass Tested on OS: Windows Server 2012 Description:...

The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform lies in the lack of security measures for the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the VeloCloud Orchestrator component of the VMware SD-WAN programmable network management platform relates to the lack of security measures for the SQL query structure. Exploiting this vulnerability could allow attackers to compromise the confidentiality, integrity, and...

CVE-2020-15628

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the user parameter, the...

CVE-2020-15621

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxmailautoreply.php. When parsing the email parameter, the...

CVE-2020-15619

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the type parameter, the...

CVE-2020-15618

This vulnerability allows remote attackers to disclose sensitive information on affected installations of CentOS Web Panel cwp-e17.0.9.8.923. Authentication is not required to exploit this vulnerability. The specific flaw exists within ajaxlistaccounts.php. When parsing the username parameter, th...

CVE-2020-14491

OpenClinic GA versions 5.09.02 and 5.89.05b do not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information...

OpenClinic GA suffers from an unspecified vulnerability (CNVD-2021-17442)

OpenClinic GA is an open source hospital information management system. The system supports financial management, clinical management and laboratory management and other functions. A security vulnerability exists in OpenClinic GA version 5.09.02 and 5.89.05b, which originates from the program...

PT-2020-14548 · Centos · Centos Web Panel

Name of the Vulnerable Software and Affected Versions: CentOS Web Panel version cwp-e17.0.9.8.923 Description: This issue allows remote attackers to disclose sensitive information on affected installations. Authentication is not required to exploit this issue. The flaw exists within the ajax add...