CVE-2021-43830

OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in...

Eclipse Jetty DoS Vulnerability (GHSA-r7m4-f9h5-gr79) - Windows

Eclipse Jetty is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:eclipse:jetty";...

BIT-OPENPROJECT-2021-43830

OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in...

CVE-2023-46816

An issue was discovered in SugarCRM 12 before 12.0.4 and 13 before 13.0.2. A Server Site Template Injection SSTI vulnerability has been identified in the GecControl action. By using a crafted request, custom PHP code can be injected via the GetControl action because of missing input validation. A...

SugarCRM 13.0.1 Server-Side Template Injection

---------------------------------------------------------------------------- SugarCRM = 13.0.1 GetControl Server-Side Template Injection Vulnerability ---------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions: Versio...

MAL-2023-1248 Malicious code in ng-file-upload-shim (npm)

--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis 51cd8a582b38d577b6dc6deb3879019bd0b0c68ae7e5bf23d787aa2721e6e334 The OpenSSF Package Analysis project identified 'ng-file-upload-shim' @ 12.0.4 npm as malicious. It is considered malicious because: - The packa...

PT-2023-21337 · Wondershare · Wondershare Edraw-Max

Name of the Vulnerable Software and Affected Versions: Wondershare Edraw-max version 12.0.4 Description: An issue in Wondershare Edraw-max allows a remote attacker to execute arbitrary commands via the edraw-max setup full5371.exe file. Recommendations: For version 12.0.4, consider removing or...

Wondershare 代码问题漏洞

Wondershare is a data transfer tool. A security vulnerability exists in Wondershare version v.12.0.4. An attacker exploiting this vulnerability can remotely execute commands via edraw-maxsetupfull5371.exe...

CVE-2021-43830

OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in...

CVE-2021-43830 SQL injection in OpenProject

OpenProject is a web-based project management software. OpenProject versions = 12.0.0 are vulnerable to a SQL injection in the budgets module. For authenticated users with the "Edit budgets" permission, the request to reassign work packages to another budget unsufficiently sanitizes user input in...

CVE-2018-3030

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.4, 12.1.0, 12.3.0 and 12.4.0. Easily exploitable vulnerability allows low privileged attacker with network access...

CVE-2017-2147

WP Statistics for WordPress is affected in versions 12.0.4 and earlier by a stored cross-site scripting vulnerability (CWE-79). An attacker can inject arbitrary script via unspecified vectors, impacting users’ browsers. Remediation: update the WP Statistics plugin to version 12.0.5 or later, as i...

CVE-2017-2136

Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers...

JVN#77253951: WordPress plugin "WP Statistics" vulnerable to cross-site scripting

The WordPress plugin "WP Statistics" provided by WP Statistics contains a stored cross-site scripting vulnerability CWE-79. Impact An arbitrary script may be executed on the web browser of a user accessing the page generated by the application. Solution Update the plugin Update the plugin accordi...

CVE-2016-8317

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Unit Trust. Supported versions that are affected are 12.0.1, 12.0.2,12.0.4,12.1.0 and 12.3.0. Difficult to exploit vulnerability allows low privileged attacker with network...

Adobe Photoshop Multiple Vulnerabilities

Adobe Photoshop is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:adobe:photoshopcs5";...