14 matches found
EUVD-2017-9965
Malware in sbrugna...
PT-2025-24277 · 1000 Projects · Best Courier Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects ABC Courier Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /adminSQL. The manipulation of the Username argument leads to SQL injection. This issue c...
PT-2025-23381 · Sourcecodester · Sourcecodester Health Center Patient Record Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Health Center Patient Record Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Health Center Patient Record Management System. The issue affects some unknown functionality ...
CVE-2023-2515
Mattermost fails to restrict a user with permissions to edit other users and to create personal access tokens from elevating their privileges to system admin...
Mattermost Server 9.11.x < 9.11.12 / 10.5.x < 10.5.3 Multiple Vulnerabilities (MMSA-2025-00455, MMSA-2025-00456)
The version of Mattermost Server installed on the remote host is prior to 9.11.12 or 10.5.3. It is, therefore, affected by multiple vulnerabilities as referenced in the MMSA-2025-00455 and MMSA-2025-00456 advisories. - Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's...
CVE-2025-2570 System Admin Cannot Access Environment settings in System Console While System Manager Can
Mattermost versions 10.5.x <= 10.5.3, 9.11.x <= 9.11.11 fail to check RestrictSystemAdmin setting if user doesn't have access to ExperimentalSettings which allows a System Manager to access ExperimentSettings when RestrictSystemAdmin is true via System Console...
CVE-2025-2570
Mattermost CVE-2025-2570 affects Mattermost Server versions 10.5.x ≤ 10.5.3 and 9.11.x ≤ 9.11.11. Root cause: the system fails to enforce RestrictSystemAdmin when a user lacks access to ExperimentalSettings, allowing a System Manager to access ExperimentSettings via the System Console. Impact: ex...
CVE-2025-30067
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-30067
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2025-30067 Apache Kylin: The remote code execution via jdbc url
Improper Control of Generation of Code 'Code Injection' vulnerability in Apache Kylin. If an attacker gets access to Kylin's system or project admin permission, the JDBC connection configuration may be altered to execute arbitrary code from the remote. You are fine as long as the Kylin's system an...
CVE-2024-4844
Hardcoded credentials vulnerability in Trellix ePolicy Orchestrator ePO on Premise prior to 5.10 Service Pack 1 Update 2 allows an attacker with admin privileges on the ePO server to read the contents of the orion.keystore file, allowing them to access the ePO database encryption key. This was...
Hosting Controller 6.1 Hot fix <= 3.3 Multiple Remote Vulnerabilities
No description provided by source. Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix <= 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary...
Guest permissions break 8 law-vulnerability and early warning-the black bar safety net
Summary of guest privilege escalation methods: Intrusion is now more and more difficult. People's security awareness has generally increased a lot; even individual users understand firewalls and antivirus software and have them on hand, and upgrading with Microsoft's patches is also no longer not...
SpyAnywhere Authentication Bypassing Vulnerabilities
Strumpf Noir Society Advisories ! Public release ! -- -= SpyAnywhere Authentication Bypassing Vulnerabilities =- Release date: Tuesday, May 22, 2001 Introduction: Spytech's SpyAnywhere application is a remote PC monitoring and administration package for the MS Windows OS. SpyAnywhere can be...