12 matches found
CVE-2022-48023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...
CVE-2022-48023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...
CVE-2022-48023
Insufficient privilege verification in Zammad v5.3.0 allows an authenticated attacker to perform changes on the tags of their customer tickets using the Zammad API. This is now corrected in v5.3.1 so that only agents with write permissions may change ticket tags...
Uncaught Exception in fastify-multipart
Impact This is a bypass of CVE-2020-8136 https://vulners.com/cve/CVE-2020-8136. By providing a name=constructor property it is still possible to crash the application. The original fix only checks for the key proto https://github.com/fastify/fastify-multipart/pull/116. All users are recommended t...
Remote code execution
emlog v5.3.1 and emlog v6.0.0 have a Remote Code Execution vulnerability due to upload of database backup file in admin/data.php...
CVE-2021-3293
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file...
CVE-2021-3293
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file...
Path traversal
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file...
CVE-2021-3293
Affected software: emlog v5.3.1. Vulnerability: full path disclosure in t/index.php, enabling an attacker to view the path to the webroot/file. Root cause/impact: information disclosure of the server’s filesystem structure; no explicit exploit details provided in the documents. Exploitation statu...
CVE-2021-3293
emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file...
Security Bulletin: Vulnerability in RC4 stream cipher affects IBM WebSphere MQ (CVE-2015-2808)
Summary The RC4 “Bar Mitzvah” Attack for SSL/TLS affects IBM WebSphere MQ. Vulnerability Details CVEID: CVE-2015-2808 DESCRIPTION: The RC4 algorithm, as used in the TLS protocol and SSL protocol, could allow a remote attacker to obtain sensitive information. An attacker could exploit this...
MetInfo v5.3.1 global.func.php SQL注入
No description provided by source...