45 matches found
CVE-2021-31677
An issue was discovered in PESCMS-V2.3.3. There is a CSRF vulnerability that can modify admin and other members' passwords...
EUVD-2021-18562
Malware in sbrugna...
EUVD-2021-18564
Malware in sbrugna...
EUVD-2024-2610
Malicious code in bioql PyPI...
CVE-2024-42485
Filament Excel enables Excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...
Security Bulletin: Vulnerabilities in OpenSSL affect Cloud Pak System
Summary: Vulnerabilities identified in OpenSSL affect Cloud Pak System. Vulnerability Details: CVEID: CVE-2023-2650. DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by a flaw when using OBJ_obj2txt directly or using any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS...
GHSA-R9MQ-3C9R-FMJQ Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy
Description: Path traversal. This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...
Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
Impact: The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patches: Patched with Version v2.3.3. Credits: Thanks to Kevin Pohl for reporting this...
GHSA-M3PX-VJXR-FX4M Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
Impact: The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patches: Patched with Version v2.3.3. Credits: Thanks to Kevin Pohl for reporting this...
CVE-2024-42485 Filament Excel Vulnerable to Path Traversal Attack on Export Download Endpoint
Filament Excel enables Excel export for Filament admin resources. The export download route /filament-excel/path allowed downloading any file without login when the webserver allows ../ in the URL. Patched with Version v2.3.3...
GHSA-7JWH-3VRQ-Q3M8 pgproto3 SQL Injection via Protocol Message Size Overflow
Impact: SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. Patches: The problem is resolved in v2.3.3...
pgproto3 SQL Injection via Protocol Message Size Overflow
Impact: SQL injection can occur if an attacker can cause a single query or bind message to exceed 4 GB in size. An integer overflow in the calculated message size can cause the one large message to be sent as multiple messages under the attacker's control. Patches: The problem is resolved in v2.3.3...
SQL injection
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /index.php/admins/Fields/getfields.html component...
CVE-2022-44140
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component...
SQL injection
Jizhicms v2.3.3 was discovered to contain a SQL injection vulnerability via the /Member/memberedit.html component...
CVE-2022-45278
CVE-2022-45278 affects Jizhicms v2.3.3. The vulnerability is a SQL injection in the /index.php/admins/Fields/get_fields.html component. CVSS 3.1 indicates a HIGH impact with network attack vector, low attack complexity, and no user interaction. No remediation details are provided in the supplied ...
CVE-2022-44140
CVE-2022-44140 affects Jizhicms v2.3.3, with a SQL injection vulnerability exposed via the /Member/memberedit.html component. The CVSS v3.1 base score is 8.8 (HIGH), with NETWORK attack vector, LOW attack complexity, privileges required, and no user interaction. Affected product/version detail is...
PESCMS Cross-Site Request Forgery Vulnerability
PESCMS is a content publishing platform. A security vulnerability exists in PESCMS version V2.3.3. An attacker can exploit the vulnerability to change the passwords of administrators and other members...