Lucene search

17 matches found

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-0767

Malware in sbrugna...

CVSS 5.3 | AI score 5.3 | EPSS 0.00298
Exploits 0 | References 6
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-32097

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.6 | EPSS 0.00145
Exploits 0 | References 1
RedhatCVE
added 2025/06/25 9:54 a.m., 3 views

CVE-2024-3511

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versione...

CVSS 4.3 | AI score 6.8 | EPSS 0.00145
Exploits 0 | References 1
Snyk
added 2025/06/23 9:41 a.m., 1 views

Incorrect Authorization

Overview: org.wso2.carbon:org.wso2.carbon.user.core is a component of the next-generation WSO2 Carbon platform. Affected versions of this package are vulnerable to Incorrect Authorization via flawed authorization logic in the isUserAuthorized function in the file JDBCAuthorizationManager.java. An...

CVSS 5.3 | AI score 6.9 | EPSS 0.00145
Exploits 0 | References 2
NVD
added 2025/06/23 9:15 a.m., 1 views

CVE-2024-3511

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versione...

CVSS 4.3 | EPSS 0.00145
Exploits 0 | References 1
Positive Technologies
added 2025/06/23 12:0 a.m., 1 views

PT-2025-26582

Name of the Vulnerable Software and Affected Versions: WSO2 products (affected versions not specified). Description: An incorrect authorization issue exists, allowing unauthorized access to versioned files stored in the registry. This is due to flawed authorization logic, which can be exploited by a...

CVSS 4.3 | AI score 5.8 | EPSS 0.00145
Exploits 0 | References 5
OSV
added 2023/06/13 3:15 a.m., 0 views

CVE-2023-33984

SAP NetWeaver Design Time Repository, version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...

CVSS 5.4 | AI score 5.8
Exploits 0 | References 2
Cvelist
added 2023/06/13 2:44 a.m., 11 views

CVE-2023-33984 Cross-Site Scripting (XSS) vulnerability in NetWeaver (Design Time Repository)

SAP NetWeaver Design Time Repository, version 7.50, returns an unfavorable content type for some versioned files, which could allow an authorized attacker to create a file with malicious content and send a link to a victim in an email or instant message. Under certain circumstances, this could...

CVSS 6.4 | AI score 6.3 | EPSS 0.00547
Exploits 0 | References 2
CNNVD
added 2023/06/13 12:0 a.m., 1 views

SAP NetWeaver Cross-Site Scripting Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from SAP, which provides a development environment for SAP applications. The platform provides a development and runtime environment for SAP applications, and ABAP is an application server that runs in NetWeaver and is bas...

CVSS 6.4 | AI score 5.4 | EPSS 0.00547
Exploits 0 | References 4
OSV
added 2019/11/12 11:1 p.m., 17 views

GHSA-XM6J-X342-GWQ9 SilverStripe Versioned Files module Unpublished files are exposed publicly

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

CVSS 5.3 | AI score 5 | EPSS 0.00298
Exploits 0 | References 5
Github Security Blog
added 2019/11/12 11:1 p.m., 25 views

SilverStripe Versioned Files module Unpublished files are exposed publicly

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

CVSS 5.3 | AI score 5.2 | EPSS 0.00298
Exploits 0 | References 7 | Affected Software 2
CNVD
added 2019/10/08 12:0 a.m., 1 views

Unspecified Vulnerability in SilverStripe Versioned Files

SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform operation and other features. A security vulnerability exists in SilverStripe version 3.x in the Versioned Files...

CVSS 5.3 | AI score 7 | EPSS 0.00298
Exploits 0 | References 1
NVD
added 2019/09/26 4:15 p.m., 12 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

CVSS 5.3 | AI score 5.2 | EPSS 0.00298
Exploits 0 | References 3
OSV
added 2019/09/26 4:15 p.m., 10 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

CVSS 5.3 | AI score 6.7 | EPSS 0.00298
Exploits 0 | References 3
Prion
added 2019/09/26 4:15 p.m., 11 views

Design/Logic Flaw

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

CVSS 5 | AI score 5.2 | EPSS 0.00298
Exploits 0 | References 3 | Affected Software 2
CVE
added 2019/09/26 2:36 p.m., 111 views

CVE-2019-16409

CVE-2019-16409 affects the SilverStripe Versioned Files module up to version 2.0.3 on SilverStripe 3.x. Unpublished file versions are publicly exposed when their URLs are guessed, aided by knowledge of the module’s source code. The issue is an information disclosure due to insufficient access cont...

CVSS 5.3 | AI score 5 | EPSS 0.00298
Exploits 0 | References 3 | Affected Software 2
Cvelist
added 2019/09/26 2:36 p.m., 15 views

CVE-2019-16409

In the Versioned Files module through 2.0.3 for SilverStripe 3.x, unpublished versions of files are publicly exposed to anyone who can guess their URL. This guess could be highly informed by a basic understanding of the symbiote/silverstripe-versionedfiles source code. Users who upgrade from...

AI score 5.1 | EPSS 0.00298
Exploits 0 | References 3