
16 matches found

Veracode
added 2024/07/24 5:50 a.m., 12 views

Unauthorized Access

alextselegidis/easyappointments is vulnerable to Unauthorized Access. The vulnerability is due to insufficient access controls in the GET, PUT, DELETE /providers/providerId endpoints, allowing a low privileged user to fetch, modify, or delete a privileged user's data...

9.9 CVSS, 6.6 AI score, 0.00223 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2023/08/28 5:15 a.m., 11 views

CVE-2023-38028

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service...

9.1 CVSS, 9.4 AI score, 0.00081 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2023/08/28 4:12 a.m., 21 views

CVE-2023-38028 Saho ADM100&ADM-100FP - Broken Access Control

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service...

9.1 CVSS, 7.2 AI score, 0.00081 EPSS
Exploits: 0, References: 1
Cvelist
added 2023/08/28 4:12 a.m., 15 views

CVE-2023-38028 Saho ADM100&ADM-100FP - Broken Access Control

Saho’s attendance devices ADM100 and ADM-100FP have insufficient authentication. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication to read system information and operate user's data, but can’t control system or disrupt service...

9.1 CVSS, 9.5 AI score, 0.00081 EPSS
Exploits: 0, References: 1
Prion
added 2023/06/15 7:15 p.m., 16 views

Authorization

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

4 CVSS, 4.5 AI score, 0.00164 EPSS
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2023/06/15 12:0 a.m., 14 views

CVE-2023-29288 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.6 and earlier, 2.4.5-p2 and earlier and 2.4.4-p3 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. A privileged attacker could leverage this vulnerability to modify a minor functionality of another user...

4.3 CVSS, 4.6 AI score, 0.00164 EPSS
Exploits: 0, References: 1
Veracode
added 2023/06/06 9:9 a.m., 21 views

Cross-Site Scripting (XSS)

com.liferay:com.liferay.account.admin.web is vulnerable to Cross-Site Scripting XSS attacks. The library does not properly escape the special characters before it output to the front end, allowing a remote authenticated attacker to inject and execute malicious JavaScript on victim's browser via a...

5.4 CVSS, 5.9 AI score, 0.00296 EPSS
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2021/02/15 9:15 p.m., 9 views

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...

7.2 CVSS, 0.05032 EPSS
Exploits: 4, References: 4
Cvelist
added 2021/02/15 8:49 p.m., 12 views

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...

7.3 AI score, 0.05032 EPSS
Exploits: 4, References: 4
Vulnrichment
added 2021/02/15 8:49 p.m., 14 views

CVE-2020-35734

Sruu.pl in Batflat 1.3.6 allows an authenticated user to perform code injection and consequently Remote Code Execution via the input fields of the Users tab. To exploit this, one must login to the administration panel and edit an arbitrary user's data username, displayed name, etc.. NOTE: This...

7.5 AI score, 0.05032 EPSS
Exploits: 4, References: 4
OSV
added 2020/09/02 3:50 p.m., 9 views

GHSA-P8FM-W787-X6X3 Malicious Package in portionfatty12

All versions of portionfatty12 are considered malicious. The package is malware designed to steal user's data. When installed it uploads the user's public SSH keys to a remote server. Recommendation This package is not available on the npm Registry anymore. If you happen to find this package in...

9.8 CVSS, 7.1 AI score
Exploits: 0, References: 1
Prion
added 2019/11/14 5:15 p.m., 5 views

Input validation

The Tecno Camon Android device with a build fingerprint of TECNO/H622/TECNO-ID5b:8.1.0/O11019/G-180829V31:user/release-keys contains a pre-installed platform app with a package name of com.lovelyfont.defcontainer versionCode=7, versionName=7.0.11. This app contains an exported service named...

7.2 CVSS, 7.5 AI score, 0.00136 EPSS
Exploits: 0, References: 1
Node.js
added 2019/01/11 9:6 p.m., 8 views

Malicious Package

Overview All versions of portionfatty12 are considered malicious. The package is malware designed to steal user's data. When installed it uploads the user's public SSH keys to a remote server. Recommendation This package is not available on the npm Registry anymore. If you happen to find this...

6.8 AI score
Exploits: 0, Affected Software: 1
OSV
added 2015/08/21 12:0 a.m., 33 views

DLA-297-1 wesnoth-1.8 - security update

Bulletin has no description...

4.3 CVSS, 4.2 AI score, 0.00671 EPSS
Exploits: 0
OpenVAS
added 2009/03/23 12:0 a.m., 37 views

Ubuntu Update for firefox vulnerabilities USN-690-3

Ubuntu Update for Linux kernel vulnerabilities USN-690-3 OpenVAS Vulnerability Test $Id: gbubuntuUSN6903.nasl 7969 2017-12-01 09:23:16Z santu $ Ubuntu Update for firefox vulnerabilities USN-690-3 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH,...

10 CVSS, 0.9 AI score, 0.06165 EPSS
Exploits: 0, References: 2
securityvulns
added 2006/02/17 12:0 a.m., 35 views

[eVuln] PHP Event Calendar XSS & User's Data Corruption Vulnerabilities

New eVuln Advisory: PHP Event Calendar XSS & User's Data Corruption Vulnerabilities http://evuln.com/vulns/63/summary.html --------------------Summary---------------- eVuln ID: EV0063 CVE: CVE-2006-0657 Vendor: Softcomplex Vendor's Web Site: http://www.softcomplex.com/ Software: PHP Event Calenda...

3.5 CVSS, 0.8 AI score, 0.00393 EPSS
Exploits: 1