5 matches found
Missing Origin Validation in WebSockets
Overview Affected versions of this package are vulnerable to Missing Origin Validation in WebSockets via missing origin validation in all WebSocket endpoints. An attacker can gain unauthorized access to authenticated WebSocket sessions by tricking a logged-in administrator into visiting a malicio...
Improper Validation of Integrity Check Value
Overview Affected versions of this package are vulnerable to Improper Validation of Integrity Check Value through the Restore process in internal/backup/restore.go and internal/backup/manifest.go. An attacker can inject malicious configuration and gain arbitrary command execution by tampering wit...
PT-2024-19279 · Nextcloud · Nextcloud Global Site Selector
Name of the Vulnerable Software and Affected Versions: Nextcloud Global Site Selector versions prior to 1.4.1 Nextcloud Global Site Selector versions prior to 2.1.2 Nextcloud Global Site Selector versions prior to 2.3.4 Nextcloud Global Site Selector versions prior to 2.4.5 Description: The...
PT-2023-6589 · Apache +1 · Apache Santuario Xml Security For Java +1
Name of the Vulnerable Software and Affected Versions: Apache Santuario - XML Security for Java versions prior to 2.2.6 Apache Santuario - XML Security for Java versions prior to 2.3.4 Apache Santuario - XML Security for Java versions prior to 3.0.3 Description: The issue is related to the...
PT-2019-11494 · David Tschumperle · Cimg Library
Name of the Vulnerable Software and Affected Versions: CImg Library versions prior to 2.3.4 Description: The issue allows for command injection, potentially leading to Remote Code Execution RCE, due to a lack of string sanitization on user-controllable URLs when loading images using the load...