8 matches found
Mattermost Fails to Sanitize Path Traversal Sequences
Mattermost versions 10.8.x <= 10.8.3, 10.5.x <= 10.5.8, 9.11.x <= 9.11.17, 10.9.x <= 10.9.2 fail to sanitize path traversal sequences in template file destination paths, which allows a system admin to perform path traversal attacks via malicious path components, potentially enabling malicious file...
AXIS OS Security Vulnerability
AXIS OS is an edge device operating system from Axis Sweden. A security vulnerability exists in AXIS OS versions 10.9 through 12.0 that stems from insufficient input validation and could lead to command injection...
PT-2024-32528 · Unknown · Salon Booking System
Name of the Vulnerable Software and Affected Versions: Salon Booking System versions through 10.9. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Salon Booking System, allowing for potential unauthorized access...
ALPINE-CVE-2022-27446
MariaDB Server v10.9 and below was discovered to contain a segmentation fault via the component sql/itemcmpfunc.h...
Privilege escalation
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In...
CVE-2021-29108 There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below.
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker who is able to intercept and modify a SAML assertion to impersonate another account (XML Signature Wrapping Attack). In...
Esri Portal for ArcGIS Cross-Site Scripting Vulnerability
Esri Portal for ArcGIS is a Web-oriented, enterprise-class software platform for providing geolocation services from Esri, Inc. A cross-site scripting vulnerability exists in Esri Portal for ArcGIS 10.9 and prior versions, which stems from the application's lack of validation of user input and...
postgresql: Stack-based buffer overflow via setting a password
PostgreSQL versions 10.x before 10.9 and versions 11.x before 11.4 are vulnerable to a stack-based buffer overflow. Any authenticated user can overflow a stack-based buffer by changing the user's own password to a purpose-crafted value. This often suffices to execute arbitrary code as the...