Prototype pollution vulnerability in ‘dset’ versions 1.0.0 through 2.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

Esri ArcGIS Server before 10.8 is vulnerable to SSRF in some configurations.

Flamingo (aka FlamingoIM) through has a SQL injection vulnerability in UserManager::addGroup.

Flamingo (aka FlamingoIM) through has a SQL injection vulnerability in UserManager::updateUserTeamInfoInDbAndMemory.

Flamingo (aka FlamingoIM) through has a SQL injection vulnerability in UserManager::updateUserInfoInDb.

Flamingo (aka FlamingoIM) through has a SQL injection vulnerability in UserManager::addUser.

Prototype pollution vulnerability in ‘deep-set’ versions 1.0.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.

An incorrect permission assignment (chmod 777) of /etc/environment during the installation script of No Magic TeamworkCloud 18.0 through 19.0 allows any local unprivileged user to write to /etc/environment. An attacker can escalate to root by writing arbitrary code to this file, which would be executed by root during the next login, reboot, or sourcing of the environment.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php newpassword function.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php resetpassword function.

Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function.

Backblaze for Windows before 7.0.1.433 and Backblaze for macOS before 7.0.1.434 suffer from improper certificate validation in the `bztransmit` helper due to a hardcoded whitelist of strings in URLs where validation is disabled, leading to possible remote code execution via client update functionality.