
63 matches found

Vulnrichment
added 2026/05/27 5:6 p.m., 4 views

CVE-2026-46425 Budibase: SCIM endpoints lack role-based authorization, BASIC users CRUD tenant users

Budibase is an open-source low-code platform. Prior to 3.38.2, packages/worker/src/api/routes/global/scim.ts attaches only two middlewares to the SCIM router: requireSCIM checks the Enterprise feature flag and SCIM config and doInScimContext sets the SCIM request context. There is no role check...

CVSS 9.9, AI score 5.8, EPSS 0.00044
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2009-1078

Malware in sbrugna...

CVSS 6.5, AI score 6.4, EPSS 0.01929
Exploits: 1, References: 11
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2010-3542

Malware in sbrugna...

CVSS 5.8, AI score 6.3, EPSS 0.00371
Exploits: 0, References: 3
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-5093

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.00496
Exploits: 1, References: 8
EUVD
added 2025/10/07 12:30 a.m., 1 view

EUVD-2008-0251

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.0955
Exploits: 1, References: 17
EUVD
added 2025/10/07 12:30 a.m., 0 views

EUVD-2008-5096

Malware in sbrugna...

CVSS 6.4, AI score 6.4, EPSS 0.01256
Exploits: 1, References: 8
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-0252

Malware in sbrugna...

CVSS 4.3, AI score 6.4, EPSS 0.07365
Exploits: 1, References: 10
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2009-1085

Malware in sbrugna...

CVSS 6.4, AI score 6.4, EPSS 0.00911
Exploits: 0, References: 10
RedhatCVE
added 2025/05/22 12:4 a.m., 4 views

CVE-2009-1079

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19659, 19660, and 19683...

CVSS 4.3, AI score 6, EPSS 0.00439
Exploits: 1, References: 1
RedhatCVE
added 2025/05/21 7:57 p.m., 7 views

CVE-2009-1081

Multiple cross-site scripting (XSS) vulnerabilities in Sun Java System Identity Manager (IdM) 7.0 through 8.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug IDs 19595 and 19661...

CVSS 4.3, AI score 6, EPSS 0.00439
Exploits: 1, References: 1
Tenable Nessus
added 2023/01/13 12:0 a.m., 72 views

SAP NetWeaver AS ABAP Capture-Replay (3089413)

SAP NetWeaver ABAP Server and ABAP Platform creates information about system identity in an ambiguous format. This could lead to capture-replay vulnerability and may be exploited by malicious users to obtain illegitimate access to the system. Note that Nessus has not tested for this issue but has...

CVSS 9.8, AI score 8.2, EPSS 0.00423
Exploits: 0, References: 3
OSV
added 2023/01/10 4:15 a.m., 0 views

CVE-2023-0014

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

CVSS 9.8, AI score 7.3
Exploits: 0, References: 2
Prion
added 2023/01/10 4:15 a.m., 15 views

Design/Logic Flaw

SAP NetWeaver ABAP Server and ABAP Platform - versions SAPBASIS 700, 701, 702, 710, 711, 730, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, KERNEL 7.22, 7.53, 7.77, 7.81, 7.85, 7.89, KRNL64UC 7.22, 7.22EXT, 7.53, KRNL64NUC 7.22, 7.22EXT, creates information about system identity in an ambiguo...

CVSS 7.5, AI score 9, EPSS 0.00423
Exploits: 0, References: 2, Affected Software: 4
CNNVD
added 2022/06/02 12:0 a.m., 3 views

GitLab Access Control Error Vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. An Access Control Error vulnerability exists in GitLab Community Edition and GitLab...

CVSS 9.9, AI score 8.6, EPSS 0.03891
Exploits: 0, References: 5
CNNVD
added 2022/03/11 12:0 a.m., 1 view

Luna Simo Information Disclosure Vulnerability

Luna Simo is a smartphone from the Korean company Luna. A security vulnerability exists in Luna Simo PPR1.180610.011/202001031830. The vulnerability stems from improper access control, where all third-party applications located on the device can obtain the value of the system IMEI attribute even...

CVSS 7.8, AI score 7.3, EPSS 0.00149
Exploits: 1, References: 5
seebug.org
added 2014/07/01 12:0 a.m., 12 views

Sun Java System Identity Manager 6.0/7.0/7.1 /idm/help/index.jsp helpUrl Variable Remote Frame Injection

No description provided by source. source: http://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

Sun Java System Identity Manager 6.0/7.0/7.1 /idm/account/findForSelect.jsp resultsForm Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/27214/info Sun Java System Identity Manager is prone to multiple input-validation vulnerabilities, including an HTML-injection issue and cross-site scripting issues, because it fails to adequately sanitize user-supplied...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 9 views

Sun Java System Identity Manager 6.0/7.x Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/32262/info Sun Java System Identity Manager is prone to multiple web-interface vulnerabilities, including a cross-site request-forgery issue, multiple cross-site scripting issues, multiple HTML-injection issues, and a...

AI score 7.1
Exploits: 0
seebug.org
added 2014/04/03 12:0 a.m., 18 views

EasyTalk: sending XSS to users under the system identity

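Brief description: EasyTalk sends XSS to users under the system identity. Details: path of the code file where the problem occurs: easytalk/Home/Lib/Action/ImAction.class.php. When the code loads, public function initialize parent::init; does not require login, and EasyTalk's stored XSS and the vulnerability of sending private messages to arbitrary users under the system identity are in this code: //post chat message public function sendmsg $ret=D'Messages'-sendmsgdaddslashes$POST'content' ,daddslashes$POST'nickname',$this-m...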

AI score 7.1
Exploits: 0
Tenable Nessus
added 2009/05/06 12:0 a.m., 27 views

Sun Java System Identity Manager ext Parameter Arbitrary File Retrieval

The version of Sun Java System Identity Manager hosted on the remote web server fails to sanitize user-supplied input to 'ext' parameter in file 'includes/helpServer.jsp' before using it to display help files. An unauthenticated attacker can exploit this vulnerability to retrieve arbitrary files...

CVSS 7.8, AI score 5.9, EPSS 0.00724
Exploits: 2, References: 4