6 matches found
Altera Quartus Prime Pro Edition Design Software Security Vulnerability
The Altera Quartus Prime Pro Edition Design Software is an FPGA design and development software suite from Altera, USA. A security vulnerability exists in Altera Quartus Prime Pro Edition Design Software that originates from not checking target installation directory permissions...
Liferay Portal and Liferay DXP Security Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...
CVE-2023-28435
Dataease is an open source data visualization and analysis tool. The permissions for the file upload interface are not checked, so users who are not logged in can upload directly to the background. The file type also goes unchecked, so users could upload any type of file. These vulnerabilities have bee...
JetBrains TeamCity Security Vulnerability
JetBrains TeamCity is a set of distributed build management and continuous integration tools from the Czech company JetBrains. The tool provides continuous unit testing, code quality analysis and build problem analysis reports and other features. JetBrains TeamCity suffers from a permissions issu...
Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
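Impact: You can create, delete, etc. tags without having the permission to do so. This vulnerability allows an attacker to perform broken access control and add tags to the admin panel and add dummy data. One can do this as intruder and add text parameters with random numbers and this will affect...
Widespread SQL injection in the eshop admin backend
Brief description: Ever since a certain "number" company offered a bounty, the number company itself has not taken off, but ec vulnerabilities have been reported frequently on WooYun. Not sure what is going on. Most backend vulnerabilities earn no money, but in the spirit of code auditing I will report it anyway; picking up a bit of rank is fine too. My rank is currently 111, which is unlucky. Detailed description: order by injection exists on a large scale in the backend. I searched for $REQUEST'sortby' or $REQUEST'sortorder' and roughly 30-odd files are involved... My god. More than 30 places!! Do the ec developers just copy code?? On to the code, taking one instance. Permissions are not checked here. admin\ads.php line 36 if $REQUEST'act' == 'list' $pid =...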