161 matches found
Malicious code in apex-web-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware affe9864459fed841588f1a618582c20b5ac58aecf203a9bfb9fe148d95912ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-1037 Malicious code in apex-web-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware affe9864459fed841588f1a618582c20b5ac58aecf203a9bfb9fe148d95912ca Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Galleon NTS-6002 操作系统命令注入漏洞
Galleon NTS-6002 is a complete time solution for medium to large organizations from Galleon UK. An operating system command injection vulnerability exists in the Galleon NTS-6002-GPS version 4.14.103-Galleon-NTS-6002.V12, which allows an authenticated attacker to perform command injection as root...
Catch Web Tools < 2.7.1 - Subscriber+ Arbitrary Catch IDs Activation/Deactivation
The plugin does not have authorisation and CSRF check in its catchwebtoolscatchidsswitch AJAX action, allowing any authenticated users, such as subscriber to activate/disable Catch IDs fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...
Catch Web Tools < 2.7.1 - Subscriber+ Arbitrary Catch IDs Activation/Deactivation
The plugin does not have authorisation and CSRF check in its catchwebtoolscatchidsswitch AJAX action, allowing any authenticated users, such as subscriber to activate/disable Catch IDs PoC fetch"https://example.com/wp-admin/admin-ajax.php", "headers": "content-type":...
WordPress Catch Web Tools plugin <= 2.7 - Arbitrary Catch IDs Activation/Deactivation vulnerability
Arbitrary Catch IDs Activation/Deactivation vulnerability discovered by Jan w Oleju in WordPress Catch Web Tools plugin versions = 2.7. Solution Update the WordPress Catch Web Tools plugin to the latest available version at least 2.7.1...
WordPress Catch Web Tools plugin <= 2.6.6 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Web Tools plugin versions = 2.6.6. Solution Update the WordPress Catch Web Tools plugin to the latest available version at least 2.7...
Canon Oce ColorWave 3500 Security Breach
The Canon Oce ColorWave 3500 is a color printer from Canon Japan. The device is based on solid ink bead printing technology and image logic scanning processing, integrating CAD, GIS and full-coverage, full-color image printing in a single device to provide more professional functionality for the...
Debian DLA-2404-1 : eclipse-wtp security update
In Eclipse Web Tools Platform, a component of the Eclipse IDE, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences. For Debian ...
[SECURITY] [DLA 2404-1] eclipse-wtp security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-2404-1 [email protected] https://www.debian.org/lts/security/ Markus Koschany October 09, 2020 https://wiki.debian.org/LTS -...
CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
DEBIAN-CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
Xxe
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
UBUNTU-CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...
CVE-2019-17637
CVE-2019-17637 affects Eclipse Web Tools Platform up to version 3.18 (2020-06). The vulnerability arises in XML/DTD processing where external entities can cause local file contents to be sent to a remote server when files are edited or validated, even if external entity resolution is disabled. De...
CVE-2019-17637
In all versions of Eclipse Web Tools Platform through release 3.18 2020-06, XML and DTD files referring to external entities could be exploited to send the contents of local files to a remote server when edited or validated, even when external entity resolution is disabled in the user preferences...