An access control issue in MantisBT before 1.2.13
Overview : An access control issue in MantisBT before 1.2.13 allows users with “Reporter” permissions to change any issue to
Access token validation errors affects all versions of Apache CXF prior to 3.3.4 and 3.2.11.
Overview : Apache CXF OpenId Connect token service does not properly validate the clientId Affected Product(s) : Apache CXF prior
Open Redirection in Drupal6 version 6.16
Overview : drupal6: SA-CORE-2010-002 – Drupal core – Multiple vulnerabilities Affected Product(s) : Drupal6 version 6.16 Vulnerability Details : CVE
SQL Injection flaw in SuiteCRM
Overview : SuiteCRM 7.10.x versions prior to 7.10.21 and 7.11.x versions prior to 7.11.9 allow SQL Injection. Affected Product(s) :
Linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.
Overview : linux vserver priviledge escalation in remount code Affected Product(s) : linux vserver 2.6 before 2.6.17 Vulnerability Details :
Issues discovered in Joomla 3.2.0 – 3.9.12
Overview : Multiple flaws was discovered in Joomla 3.2.0 – 3.9.12 Affected Product(s) : Joomla! CMS versions 3.2.0 – 3.9.12
RHQ Mongo DB Drift Server vulnerability
Overview : An insecurity temporary file vulnerability exists in RHQ Mongo DB Drift Server through 2013-09-25 when unpacking zipped files.
Multiple vulnerabilities in TYPO3 Core
Overview : Multiple flaws was discovered in TYPO3 Core Affected Product(s) : TYPO3 versions 4.1.13 and below, 4.2.12 and below,
Attacks found in Honeywell Cameras
Overview : Multiple flaws was discovered in Honeywell equIP and Performance Series IP Cameras Affected Product(s) : Security Notification SN
IDOR vulnerability exists in Magento
Overview : An insecure direct object reference (IDOR) vulnerability exists in Magento Affected Product(s) : Magento 2.3 prior to 2.3.1,
SugarCRM CE unserialize PHP code execution in multiple files
Overview : SugarCRM CE <= 6.3.1 contains scripts that use “unserialize()” with user controlled input which allows remote attackers to
PostgreSQL security flaws
Overview : Multiple flaws was discovered in postgresql Affected Product(s) : postgresql 9.4 – 11 postgresql 11.x before 11.5 Vulnerability
Missing Authentication for Critical Function in IP-AK2
Overview : In IP-AK2 Access Control Panel Version 1.04.07 and prior, the integrated web server of the affected devices could
Potential SQL injection in PostgreSQL Zend\Db adapter
Overview : Zend Framework before 2.2.10 and 2.3.x before 2.3.5 has Potential SQL injection in PostgreSQL Zend\Db adapter. Affected Product(s)
TP-Link M7350 multiple vulnerabilities
Overview : Multiple security vulnerabilities in TP-Link M7350 devices Affected Product(s) : TP-Link M7350 devices through 1.0.16 Build 181220 Rel.1116n
IBM Security vulnerabilities released
Overview : Multiple security vulnerabilities have been updated in IBM products Affected Product(s) : IBM Maximo Asset Management 7.6 IBM
Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks
Overview : Apache Traffic Server is vulnerable to HTTP/2 setting flood attacks. Earlier versions of Apache Traffic Server didn’t limit
IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow
Overview : IBM DB2 High Performance Unload load for LUW 6.1 and 6.5 is vulnerable to a buffer overflow, caused
Authenticated SQL Injection in OpenEMR before 5.0.2.1
Overview : Authenticated SQL Injection in interface/forms/eye_mag/js/eye_base.php in OpenEMR through 5.0.2 allows a user to extract arbitrary data from the
Trend Micro Anti-Threat Toolkit (ATTK) RCE Vulnerability
Overview : Vulnerable versions of ATTK may allow an attacker to place malicious files in the same directory, potentially leading
Authentication Bypass Vulnerability in Citrix Application Delivery Controller and Citrix Gateway
Overview : An issue was discovered in Citrix Application Delivery Controller (ADC) and Gateway before 10.5 build 70.8, 11.x before
Information Disclosure Issue in Verodin Director version 3.5.3.1 and earlier
Overview : This advisory addresses a Information Disclosure vulnerability in Verodin Director affecting version 3.5.3.1 and earlier where an attacker
Etherpad-Lite 1.7.5 has an XSS Vulnerability
Overview : templates/pad.html in Etherpad-Lite 1.7.5 has XSS when the browser does not encode the path of the URL, as
Vulnerability was discovered in TOPMeeting before version 8.8
Overview : TOPMeeting security issues fixed. Affected Product(s) : TOPMeeting before version 8.8 Vulnerability Details : CVE ID : CVE-2019-13409