Missing Authorization

Overview glpi/glpi is a free Asset and IT Management Software package with ITIL Service Desk, licenses tracking and software auditing. Affected versions of this package are vulnerable to Missing Authorization in the export process. An attacker can gain access to the structure of forms they are no...

GHSA-33M5-HQP9-97PW Craft CMS's Missing Volume Permission Check in AssetsController::actionShowInFolder Allows Information Disclosure

Summary AssetsController::actionShowInFolder fetches an asset by ID and returns its filename and complete folder hierarchy including volume handle, volume UID, folder names, folder UIDs, and folder URI paths without checking whether the requesting user has viewAssets or viewPeerAssets permission ...

PT-2026-37441

HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...

EUVD-2020-8899

Malware in sbrugna...

EUVD-2020-3082

Malware in sbrugna...

The vulnerability of the network management system for monitoring industrial networks in Siemens SINEC NMS lies in the lack of measures taken to protect the SQL query structure. This allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the Siemens SINEC NMS network management system for monitoring industrial networks is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibili...

PT-2024-10317 · 1с · Битрикс24 +1

Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом affected versions not specified Description: The issue is related to the UI module of the Битрикс24 business management service and the 1С-Битрикс site management system CMS, which fails to protect the web page...

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out cross-site scripting attacks.

The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability could allow a malicious actor to carry out cross-site scripting attacks...

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to execute arbitrary code.

The vulnerability of the Adobe Experience Manager AEM content and media data management system exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s entity Tra: The lack of protection for the website structure allows attackers to carry out cross-site scripting attacks.

The vulnerability of the platform for automating operations in healthcare institutions of the Russian Federation’s Tra:Pharmaceutical supply relates to the failure to take measures to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor, operating remotely...

Design/Logic Flaw

Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."...

New release of MySQL fixes security bugs

MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure...