13 matches found
Deserialization of Untrusted Data
Overview torrentpier/torrentpier is a bull-powered BitTorrent tracker engine. Affected versions of this package are vulnerable to Deserialization of Untrusted Data through the deserialization process. An attacker can execute arbitrary code or read files by supplying crafted serialized data. Detai...
Incorrect Privilege Assignment
Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity/groups endpoints. An attacker can gain unauthorized root-level permissions by adding a root policy to a group, thereby escalating their own or another user's privileges. Note: This is only...
CVE-2014-125110
A vulnerability has been found in wp-file-upload Plugin up to 2.4.3 on WordPress and classified as problematic. Affected by this vulnerability is the function wfuajaxactioncallback of the file lib/wfuajaxactions.php. The manipulation leads to cross site scripting. The attack can be launched...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass in the authorization process. An attacker can gain limited unauthorized access by exploiting insufficient authorization checks with high privileges...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass that could allow a privileged attacker to escalate privileges. Remediation Upgrade magento/community-edition to version 2.4.4-p12, 2.4.5-p11, 2.4.6-p9...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass. A low-privileged attacker can bypass security measures and impact system integrity by exploiting this vulnerability without user interaction...
Improper Input Validation
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation through the PHP filter chain. An attacker with administrative privileges can read files from the system outside of the intended directories and...
Access Control Bypass
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Access Control Bypass. A low-privileged attacker can bypass security measures and compromise data integrity by exploiting these settings. Remediation Upgrade...
Command Injection
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Command Injection via improper neutralization of special elements. An admin attacker can execute arbitrary system commands by leveraging administrative privileges and...
Improper Input Validation
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Input Validation due to improper input validation. An attacker can execute arbitrary code in the context of the current user by sending specially crafted input to...
PT-2023-29701 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: Synchrony deobfuscator versions prior to 2.4.4 Description: A proto pollution vulnerability exists in the LiteralMap transformer, allowing crafted input to modify properties in the Object prototype. Successful exploitation could lead to...
Improper Authorization
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Authorization due to improper handling of authorization checks. An attacker can bypass security features and access unauthorized data without user interaction...
Improper Neutralization of Special Elements Used in a Template Engine
Overview magento/community-edition is a modern cloud eCommerce platform. Affected versions of this package are vulnerable to Improper Neutralization of Special Elements Used in a Template Engine due to the improper neutralization of special elements used in a template engine. An attacker can...