12 matches found
EUVD-2018-15671
Malware in sbrugna...
eslint-config-prettier Security Vulnerability
eslint-config-prettier is a Prettier open source application. A security vulnerability exists in eslint-config-prettier versions 8.10.1, 9.1.1, 10.1.6, and 10.1.7, which stems from embedded malicious code that could lead to a supply chain attack...
Palo Alto Networks PAN-OS 8.1.x < 8.1.25 / 9.0.x < 9.0.17 / 9.1.x < 9.1.16 / 10.0.x < 10.0.11 / 10.1.x < 10.1.6 Vulnerability
The version of Palo Alto Networks PAN-OS running on the remote host is 8.1.x prior to 8.1.25 or 9.0.x prior to 9.0.17 or 9.1.x prior to 9.1.16 or 10.0.x prior to 10.0.11 or 10.1.x prior to 10.1.6. It is, therefore, affected by a vulnerability. - A cross-site scripting (XSS) vulnerability in Palo Al...
CVE-2021-36204
Under some circumstances an Insufficiently Protected Credentials vulnerability in Johnson Controls Metasys ADS/ADX/OAS 10 versions prior to 10.1.6 and 11 versions prior to 11.0.3 allows API calls to expose credentials in plain text...
GitLab 8.4.x - 9.5.10, 10.x - 10.1.5, 10.2.x - 10.2.5, 10.3.x - 10.3.3 Path Traversal Vulnerability
GitLab is prone to a path traversal vulnerability. SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:gitlab:gitlab"; if description...
Information disclosure
IBM Spectrum Protect Plus 10.1.0 through 10.1.6 may allow a local user to obtain access to information beyond their intended role and permissions. IBM X-Force ID: 193653...
Security Bulletin: Incorrect permissions on IBM Spectrum Protect Plus agent files (CVE-2020-4631)
Summary: IBM Spectrum Protect Plus agent files on Windows have incorrect access permissions. Vulnerability Details: CVEID: CVE-2020-4631 DESCRIPTION: IBM Spectrum Protect Plus agent files, in non-default configurations, on Windows are assigned access to everyone with full control permissions, which...
Security Bulletin: Information Disclosure in IBM Spectrum Protect Plus (CVE-2020-4565)
Summary: IBM Spectrum Protect Plus uses insecure communication between the application and server which could allow an attacker to obtain sensitive information. Vulnerability Details: CVEID: CVE-2020-4565 DESCRIPTION: IBM Spectrum Protect Plus could allow an attacker to obtain sensitive information...
PT-2018-16275
Name of the Vulnerable Software and Affected Versions: ERPNext version 10.1.6. Description: An exploitable SQL injection issue exists in the authenticated part of the software. Specially crafted web requests can cause SQL injections, resulting in data compromise. The searchfield parameter can be use...
Frappe ERPNext SQL Injection Vulnerability
Frappe ERPNext is an open source ERP (Enterprise Resource Planning) system. The system includes functions for financial management, inventory management, customer relationship management, project management and human resource management. A SQL injection vulnerability exists in the 'sortby' paramete...
Vulnerability Spotlight: TALOS-2018-0560 - ERPNext SQL Injection Vulnerabilities
Vulnerabilities discovered by Yuri Kramar from the Cisco Security Advisor Team. Overview: Talos is disclosing multiple SQL injection vulnerabilities in the Frappe ERPNext Version 10.1.6 application. Frappe ERPNext is an open-source enterprise resource planning (ERP) cloud application. These...
Adobe Reader ToolButton - Use-After-Free (Metasploit)
This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 "Adobe Reader ToolButton Use After Free", 'Description' = %q This module exploits an use after free condition on Adobe Reader versions...