[webapps] Ulicms 2023.1 – create admin user via mass assignment
Ulicms 2023.1 – create admin user via mass assignment
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Ulicms 2023.1 – create admin user via mass assignment
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Zenphoto 1.6 – Multiple stored XSS
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
WBCE CMS 1.6.1 – Multiple Stored Cross-Site Scripting (XSS)
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
Filmora 12 version ( Build 1.0.0.7) – Unquoted Service Paths Privilege Escalation
Exploit ile ilgili teknik detaylar için Devamını Oku
Kaynak: Exploit-DB.com RSS Feed
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x deserialize untrusted JSON data without constraining the parser to approved classes and methods. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.3, including 8.3.x expose dashboard prompts to users who are not part of the authorization list. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
SQL injection in “/Framewrk/Home.jsp” file (POST method) in tCredence Analytics iDEAL Wealth and Funds – 1.0 iallows authenticated remote attackers to inject payload via “v” parameter. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The client in OpenText Archive Center Administration through 21.2 allows XXE attacks. Authenticated users of the OpenText Archive Center Administration client (Versions 16.2.3, 21.2, and older versions) could upload XML files to the application that it did not sufficiently validate. As a result, attackers could craft XML files that, when processed by the application, would…
Jumpserver 2.10.0 <= version <= 2.26.0 contains multiple stored XSS vulnerabilities because of improper filtering of user input, which can execute any javascript under admin’s permission. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
A security issue was discovered in ingress-nginx where a user that can create or update ingress objects can use a newline character to bypass the sanitization of the `spec.rules[].http.paths[].path` field of an Ingress object (in the `networking.k8s.io` or `extensions` API group) to obtain the credentials of the ingress-nginx controller. In the default configuration, that credential…
Windows workloads can run as ContainerAdministrator even when those workloads set the runAsNonRoot option to true. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database