9 matches found
Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Impact: Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...
MineAdmin Security Vulnerability
MineAdmin is an open source permissions management system for MineAdmin. A security vulnerability exists in MineAdmin version v3.x. The vulnerability stems from improperly set permissions for the Scheduled Tasks feature, which could lead to the execution of arbitrary commands and full account...
IBM Terracotta Security Vulnerability
IBM Terracotta is a suite of distributed in-memory data management software from International Business Machines (IBM). A security vulnerability exists in IBM Terracotta version 3.x that stems from unfiltered or unsalted handling of externally sourced keys, which could result in degraded cache writ...
Moodle Code Execution Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in version 3.x of Moodle. A remote attacker could...
Moodle Design Vulnerability (CNVD-2018-10648)
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system, or virtual learning environment, developed by Dr. Martin Dougiamas of Australia. A security vulnerability exists in version 3.x of Moodle. An attacker could exploit th...
PT-2017-14691 · Automattic · Woocommerce
Name of the Vulnerable Software and Affected Versions: WooCommerce plugin versions 3.x. Description: The issue concerns a Directory Traversal vulnerability via the /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which could potentially access a parent directory. However, a software...
Octopus Deploy PackageId Value Directory Traversal Vulnerability
Octopus Deploy is an automation tool from Octopus Deploy Australia for development and deployment of . A security vulnerability exists in version 3.x of Octopus Deploy prior to 3.15.4. An attacker can exploit this vulnerability by uploading maliciously crafted NuGet packages to overwrite other...
DBD::mysql content misreference vulnerability
DBD::mysql is a Perl5 Database Interface (DBI) driver for MySQL. A content misreference vulnerability exists in DBD::mysql version 3.x and version 4.x prior to 4.041. An attacker can exploit this vulnerability to execute arbitrary code...
Common Management Agent 3.x vulnerable to information leakage
Overview: Common Management Agent, used in ePolicy Orchestrator and ProtectionPilot, has a problem in its directory access rights setting which allows an attacker to obtain or view a list of files. Impact: A remote attacker could view files. Solution: None...