PT-2025-36961
Name of the Vulnerable Software and Affected Versions: Calix GigaCenter ONT versions 844E; Calix GigaCenter ONT versions 844G; Calix GigaCenter ONT versions 844GE; Calix GigaCenter ONT versions 854GE. Description: An OS Command Injection issue exists in Calix GigaCenter ONT Quantenna SoC modules...
Hardcoded credentials
An issue was discovered in Joomla! 2.5.0 through 3.9.27. The install action in com_installer lacks the required hardcoded ACL checks for superusers. A default system is not affected because the default ACL for com_installer is already limited to super users...
Joomla 2.5.x < 3.9.28 Multiple Vulnerabilities (5840-joomla-3-9-28)
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.28. It is, therefore, affected by multiple vulnerabilities. - Inadequate escaping in the Rules field of the JForm API leads to an XSS vulnerability. CVE-2021-26035 - Missing...
[20210704] - Core - Privilege escalation through com_installer
The install action in com_installer lacks the required hardcoded ACL checks for superusers, leading to various potential attack vectors. A default system is not affected because by default com_installer is already limited to super users...
Elastic: Async search stores authorization headers in clear text
Summary: The .async-search index stores the results of async searches. It also stores a copy of the request's authorization headers, in clear text. These clear text authorization headers are then available to anyone with access to .async-search, probably mostly super users. Description: While you...
DotNetNuke File Upload Limit Bypass Vulnerability
DotNetNuke CMS, referred to as DNN, is a free, open source, scalable content management system built on the ASP.NET platform Web application framework. DotNetNuke has a security vulnerability. An attacker can upload files with extensions that are only allowed for super users by executing cod...
Design/Logic Flaw
Meinberg Lantime M300 and M1000 devices allow attackers with privileges to configure a device to execute arbitrary OS commands by editing the /config/netconf.cmd script aka Extended Network Configuration. Note: According to the description, the vulnerability requires a fully authenticated...
Member of confluence-administrators group able to see restricted page in pagetree, quick search and navigation panel
Bug Background: Confluence super-users or members of the confluence-administrators group should be able to access any content in Confluence, including restricted content, as long as they have the direct URL to access it, as described in our documentation...