CVE-2024-53678

CVE-2024-53678 concerns Apache VCL with an SQL injection in the New Block Allocation form. Affected versions: 2.2–2.5.1. Root cause: improper neutralization of special elements in SQL commands, allowing an attacker to modify submitted form data and alter a SELECT statement. Impact as described: t...

CVE-2024-53679

CVE-2024-53679 is an Apache VCL XSS in the User Lookup form. The issue is caused by improper neutralization of input during web page generation, allowing a user with sufficient rights to craft or click a URL that can elevate privileges for a specified user. Affected software: Apache VCL up to ver...

CVE-2013-0267

CVE-2013-0267 affects Apache VCL: the Privileges portion of the web GUI and the XMLRPC API on VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2, and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or userGrant permissions to gain privileges, cause a denial of service, or...