20 matches found
CVE-2023-34878
An issue discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
Hardcoded credentials
An issue discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-34878
An issue discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...
CVE-2023-34878
CVE-2023-34878 affects Ujcms v6.0.2, where the dir parameter in the endpoint "/api/backend/core/web-file-html/download-zip" can cause leakage of sensitive information. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK access, LOW attack complexity, NONE privileges, NONE user interaction, and CO...
GSD-2022-1006933 nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level()
nilfs2: fix NULL pointer dereference at nilfs_bmap_lookup_at_level(). This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.2 by commit...
GSD-2022-1006930 nilfs2: fix use-after-free bug of struct nilfs_root
nilfs2: fix use-after-free bug of struct nilfs_root. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.2 by commit...
GSD-2022-1006923 wifi: mac80211: fix crash in beacon protection for P2P-device
wifi: mac80211: fix crash in beacon protection for P2P-device. This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v6.0.2 by commit...
CVE-2022-32060
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Update Branding Settings component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
CVE-2022-32061
An arbitrary file upload vulnerability in the Select User function under the People Menu component of Snipe-IT v6.0.2 allows attackers to execute arbitrary code via a crafted file...
AZL-44298 CVE-2019-20149 affecting package js-jquery for versions less than 3.5.0-4
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
Design/Logic Flaw
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
CVE-2019-20149
ctorName in index.js in kind-of v6.0.2 allows external user input to overwrite certain internal attributes via a conflicting name, as demonstrated by 'constructor': {'name':'Symbol'}. Hence, a crafted payload can overwrite this builtin attribute to manipulate the type detection result...
CVE-2019-20149
CVE-2019-20149 pertains to kind-of v6.0.2 where ctorName in index.js can be overwritten via a crafted payload to alter type-detection results by exploiting a conflicting name (e.g., 'constructor': {'name':'Symbol'}). The IBM QRadar Use Case Manager bulletin (connected doc) aggregates this CVE amo...
CVE-2017-1000509
Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of JavaScript code...
CVE-2017-1000509
Dolibarr 6.0.2 exposes a cross-site scripting (XSS) vulnerability in the Product details component, enabling execution of JavaScript. The issue is publicly documented across multiple feeds; maintainers indicate the fix is in version 7.0.0. No exploitation details are provided in the supplied docu...