262 matches found
PYSEC-2021-31
OMERO.web is open source Django-based software for managing microscopy imaging. OMERO.web before version 5.9.0 loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. This represents an information...
OMERO.web exposes some unnecessary session information in the page
Background OMERO.web loads various information about the current user such as their id, name and the groups they are in, and these are available on the main webclient pages. Some additional information being loaded is not used by the webclient and is being removed in this release. Impact OMERO.we...
CVE-2021-27948
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...
CVE-2021-27948
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...
Sql injection
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...
CVE-2021-27948
SQL Injection vulnerability in MyBB before 1.8.26 via User Groups. issue 3 of 3...
CVE-2021-27948
CVE-2021-27948 affects MyBB before 1.8.26, via the User Groups component, caused by a SQL injection vulnerability in the user groups logic. The vulnerability can impact confidentiality, integrity and availability (per CVSS metrics). Mitigation: upgrade MyBB to 1.8.26 or later (or apply vendor-sup...
MyBB SQL注入漏洞
MyBB is a free open source forum software. A SQL injection vulnerability exists in user groups in versions of MyBB prior to 1.8.26. No detailed vulnerability details are provided at this time...
PT-2021-17688 · Mybb · Mybb
Name of the Vulnerable Software and Affected Versions: MyBB versions prior to 1.8.26 Description: The issue is related to a SQL Injection vulnerability. It affects the User Groups component. Recommendations: For versions prior to 1.8.26, update to version 1.8.26 or later to resolve the issue...
MediaWiki Cosmos Skin Cross-Site Scripting Vulnerability
MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki Cosmos Skin version...
Unable to limit visibility of applications to specific user groups
Previously able to restrict apps visibility to specific users or user groups using the 'Limit Visibility' option through the app properties. Now all company's users can see all apps when logging to the Cloud Workspace...
CVE-2020-27620
The Cosmos Skin for MediaWiki through 1.35.0 has stored XSS because MediaWiki messages were not being properly escaped. This is related to wfMessage and Html::rawElement, as demonstrated by CosmosSocialProfile::getUserGroups...
Cloud firewall management API SNAFU put 500k SonicWall customers at risk
TL;DR I found an IDOR in SonicWalls cloud management platform API Any user could add themselves to any account at any organisation using it Anyone could create a user account to exploit the issue, from the public internet Can be used to change firewall rules, or add rogue VPN users, for example...
Insecure Direct Object Reference vulnerability in the mysonicwall.com add-user API
An insecure direct object reference vulnerability has been identified in the users/add-user API endpoint of mysonicwall.com. This could allow a normal authenticated mysonicwall user to manipulate API parameter and gain access to user group of tenant of any other mysonicwall user account. CVE: N/A...
OPENSUSE-SU-2020:1014-1 Security update for google-compute-engine
This update for google-compute-engine fixes the following issues: - Don't enable and start google-network-daemon.service when it's already installed bsc1169978 + Do not add the created user to the adm CVE-2020-8903, docker CVE-2020-8907, or lxd CVE-2020-8933 groups if they exist bsc1173258...
8x8: IDOR: Adding Contacts to Other User Groups
The request to add a new contact performed insufficient validation on the specified group number. Altering the target group resulted in incrementing license count and disclosure of the name of the group, however access was not granted...
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...
Joomla! access control error vulnerability (CNVD-2020-25678)
Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An access control error vulnerability exists in Joomla! versions 3.8.8 through 3.9.16, which can be exploited by an attacker to make unauthorized...
Joomla! access control error vulnerability (CNVD-2020-25676)
Joomla! is the U.S. Open Source Matters team of a set of PHP and MySQL development using open source , cross-platform content management system CMS. An Access Control Error vulnerability exists in Joomla! versions prior to 3.9.17 that stems from an incorrect ACL check and can be exploited by an...
CVE-2019-19029
Cloud Native Computing Foundation Harbor prior to 1.8.6 and 1.9.3 allows SQL Injection via user-groups in the VMware Harbor Container Registry for the Pivotal Platform...