Orca Management Organization Co., Ltd. Security Vulnerabilities

Insecure Authentication And Session Management

magento/community-edition is vulnerable to Insecure Authentication and session management. The vulnerability is due to inadequate session validation, allows authenticated users to manipulate session parameters related to authentication and session management on the storefront, leading to security.....

Security Bulletin: IBM Engineering Requirements Management DOORS Next is vulnerable to XML External Entity Injection (XEE) (CVE-2023-45192)

Summary IBM Engineering Requirements Management DOORS Next is vulnerable to CVE-2023-45192 (potential XML External Entity Injection (XEE) attacks). Vulnerability Details ** CVEID: CVE-2023-45192 DESCRIPTION: **IBM Engineering Requirements Management DOORS Next is vulnerable to an XML External...

Security Bulletin: Vulnerabilities in Golang Go and RabbitMQ Java Client might affect IBM Storage Copy Data Management

Summary IBM Storage Copy Data Management can be affected by vulnerabilities in Golang Go and RabbitMQ Java Client. Vulnerabilities include cause a denial of service condition and cause a memory overflow on the system as described by the CVE in the "Vulnerability Details" section. CVE-2023-45288,...

Poultry Farm Management System v1.0 - Remote Code Execution (RCE)

...

TWiki 'organization' XSS Vulnerability

TWiki is prone to a cross-site scripting (XSS)...

Security Bulletin: IBM Maximo Asset Management - There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application (CVE-2024-29203)

Summary There is a vulnerability in tinymce-6.7.3.min.js used by IBM Maximo Asset Management application. Vulnerability Details ** CVEID: CVE-2024-29203 DESCRIPTION: **TinyMCE is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by the iframe elements. A...

Security Bulletin: IBM Maximo Asset Management application is vulnerable to sensitive information disclosure (CVE-2024-22333)

Summary IBM Maximo Asset Management application is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system. CVSS Base score: 4...

Security Bulletin: IBM Jazz Reporting Service is vulnerable to Information Disclosure (CVE-2024-25052)

Summary If Jazz Authentication Service is enabled, IBM Jazz Reporting System shows the JSA Client Secret in plain text. Vulnerability Details ** CVEID: CVE-2024-25052 DESCRIPTION: **IBM Jazz Reporting Service stores user credentials in plain clear text which can be read by an Admin user. CVSS...

Poultry Farm Management System v1.0 - Remote Code Execution Exploit

...

Exploit for Improper Ownership Management in Linux Linux Kernel

Installation bash make...

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 CVE-2023-22809 is a critical...

Exploit for Improper Privilege Management in Linux Linux Kernel

CVE-2022-25636 This is my exploit for CVE-2022-25636. I...

Exploit for Improper Privilege Management in Sudo Project Sudo

CVE-2023-22809 sudo Privilege escalation Affected sudo...

Exploit for Improper Ownership Management in Linux Linux Kernel

README `` gcc -Wall exp.cpkg-config fuse --cflags...

Boelter Blue System Management 1.3 - SQL Injection Vulnerability

...

Exploit for Improper Ownership Management in Linux Linux Kernel

编译 bash make all...

CVE-2022-38975

DOM-based cross-site scripting vulnerability in EC-CUBE 4 series (EC-CUBE 4.0.0 to 4.1.2) allows a remote attacker to inject an arbitrary script by having an administrative user of the product to visit a specially crafted...

My Account Portal - Role Management FAQ

Only the License Administrator and designated Case Administrators can submit support cases. Please be sure to verify your License Administrator and define valid Case Administrators for your Veeam...

Microsoft Organization Chart RCE Vulnerability

The host has Microsoft Organization Chart, which is prone to a remote code execution...

Boelter Blue System Management 1.3 SQL Injection

...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure (CVE-2022-35718)

Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....

Cisco Firepower Management Center Software SQL Injection Vulnerability

A vulnerability in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to conduct SQL injection attacks on an affected system. This vulnerability exists because the web-based management interface does not adequately...

CVE-2021-33950

An issue discovered in OpenKM v6.3.10 allows attackers to obtain sensitive information via the XMLTextExtractor...

Exploit for Improper Privilege Management in Wfs Heaven Burns Red

EvilWfshbr...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Beanutils

Summary Multiple vulnerabilities have been identified in Apache Commons Beanutils, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2019-10086 DESCRIPTION:...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details ** CVEID: CVE-2017-15708 DESCRIPTION:...

Cisco Firepower Management Center Software Object Group Access Control List Bypass Vulnerability

A vulnerability in the Object Groups for Access Control Lists (ACLs) feature of Cisco Firepower Management Center (FMC) Software could allow an unauthenticated, remote attacker to bypass configured access controls on managed devices that are running Cisco Firepower Threat Defense (FTD) Software....

Intel Active Management - Authentication Bypass

Intel Active Management platforms are susceptible to authentication bypass. A non-privileged network attacker can gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability. A non-privileged local attacker can provision....

Exploit for Improper Privilege Management in Enlightenment

Description Taken from...

Exploit for Improper Privilege Management in Sudo Project Sudo

Linux Privilege...

Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerability CVE-2024-28793

Summary Vulnerability CVE-2024-28793 affects the Team Concert Git plugin of IBM Engineering Workflow Management (EWM). Vulnerability Details ** CVEID: CVE-2024-28793 DESCRIPTION: **IBM Engineering Workflow Management is vulnerable to stored cross-site scripting. Under certain configurations, this.....

Oracle Portal Demo Organization Chart Detection

The remote web server hosts the Oracle Portal Organization Chart demo...

AEGON LIFE v1.0 Life Insurance Management System - SQL injection vulnerability.

...

AEGON LIFE v1.0 Life Insurance Management System - SQL injection Vulnerability

...

Grafana: Users outside an organization can delete a snapshot with its key in github.com/grafana/grafana

Grafana: Users outside an organization can delete a snapshot with its key in...

Smart S210 Management Platform - Arbitary File Upload

A vulnerability has been found in Byzoro Smart S210 Management Platform up to 20240117 and classified as critical. This vulnerability affects unknown code of the file /Tool/uploadfile.php. The manipulation of the argument file_upload leads to unrestricted...

Smart s200 Management Platform v.S200 - SQL Injection

SQL Injection vulnerability in Baizhuo Network Smart s200 Management Platform v.S200 allows a local attacker to obtain sensitive information and escalate privileges via the /importexport.php...

Cisco Integrated Management Controller CLI Command Injection Vulnerability

A vulnerability in the CLI of the Cisco Integrated Management Controller (IMC) could allow an authenticated, local attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit this vulnerability, the attacker must have read-only or...

Security Bulletin: IBM Sterling Order Management using IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack.

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service attack caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. Vulnerability Details ** CVEID: CVE-2023-38737 ...

Cisco Finesse Web-Based Management Interface Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Finesse could allow an unauthenticated, remote attacker to perform a stored cross site-scripting (XSS) attack by exploiting a remote file inclusion (RFI) vulnerability or perform a server-side request forgery (SSRF) attack an.....

Exploit for SQL Injection in Crmeb

CVE-2024-36837 POC write URL in url.txt and run...

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/user-login.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/doctor.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...

Microfinance Management System 1.0 - SQL Injection

Microfinance Management System 1.0 is susceptible to SQL...

AEGON LIFE v1.0 Life Insurance Management System - Remote Code Execution Vulnerability

...

Security Bulletin: Maximo Asset Management: IBM SDK, Java Technology Edition Quarterly CPU - Apr 2024 - Includes Oracle April 2024 CPU plus CVE-2023-38264

Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8 that are used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities).....

Hospital Management System 1.0 - SQL Injection

Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /HMS/admin.php. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the affected...

litellm vulnerable to improper access control in team management

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...

litellm vulnerable to improper access control in team management

berriai/litellm version 1.34.34 is vulnerable to improper access control in its team management functionality. This vulnerability allows attackers to perform unauthorized actions such as creating, updating, viewing, deleting, blocking, and unblocking any teams, as well as adding or deleting any...

AEGON LIFE v1.0 Life Insurance Management System - Unauthenticated Remote Code Execution (RCE)

...