
TechMedia

Category

MODERATE

588 Posts

Featured

Posted by Wpmaster
[vitess.io/vitess] vitess allows users to create keyspaces that can deny access to already existing keyspaces
Posted by Wpmaster
[github.com/answerdev/answer] Answer vulnerable to account takeover because password reset links do not expire
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to improper access control
Posted by Wpmaster
[thorsten/phpmyfaq] thorsten/phpmyfaq vulnerable to stored cross-site scripting (XSS) via updatecategory parameter

[org.apache.inlong:inlong] Apache InLong contains Out-of-bounds Read vulnerability

  • Posted in MODERATE
  • Posted by Wpmaster
  • 02/01/2023 02/03/2023

Out-of-bounds Read vulnerability in Apache Software Foundation Apache InLong. This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong’s latest version or cherry-pick https://github.com/apache/inlong/pull…

[ubi-reader] Path traversal in ubi-reader

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/31/2023 02/01/2023

ubireader_extract_files is vulnerable to path traversal when run against specifically crafted UBIFS files, allowing the attacker to overwrite files outside of the extraction directory (provided the process has write access to that file or directory). T…

[org.apache.linkis:linkis] Apache Linkis vulnerable to Exposure of Sensitive Information

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/31/2023 02/02/2023

In Apache Linkis <=1.3.0, when used with the MySQL Connector/J, an authenticated attacker could read arbitrary local files by connecting to a rogue MySQL server and setting allowLoadLocalInfile to true in the JDBC parameters. Therefore, the parameters in t…

[org.apache.iotdb:iotdb-parent] Apache IoTDB contains Improper Authentication

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/31/2023 02/01/2023

Improper Authentication vulnerability in Apache Software Foundation Apache IoTDB. This issue affects Apache IoTDB: from 0.13.0 before 0.13.3.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-24830
https://lists.apache.org/thread/l4fon37687jz5ohgsnz…

[froxlor/froxlor] Froxlor contains Static Code Injection

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/30/2023 02/01/2023

Static Code Injection in GitHub repository froxlor/froxlor prior to 2.0.10.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0566
https://github.com/froxlor/froxlor/commit/bd5b99dc1c06f594b9563d459a50bf3b32504876
https://huntr.dev/bounties/8339e4f…

[froxlor/froxlor] Froxlor contains Business Logic Errors

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/30/2023 02/01/2023

Business Logic Errors in GitHub repository froxlor/froxlor prior to 2.0.10.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0565
https://github.com/froxlor/froxlor/commit/2feb8020941a82bfb4ac68890f6ced0e5b3c4a15
https://huntr.dev/bounties/12d7829…

[froxlor/froxlor] Froxlor contains Unchecked Error Condition

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/30/2023 02/01/2023

Unchecked Error Condition in GitHub repository froxlor/froxlor prior to 2.0.10.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0572
https://github.com/froxlor/froxlor/commit/7b08a71c59430d06c1efb012a6c6448262aacdb1
https://huntr.dev/bounties/4ab…

[jszip] JSZip contains Path Traversal via loadAsync

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/29/2023 02/02/2023

loadAsync in JSZip before 3.8.0 allows Directory Traversal via a crafted ZIP archive.
References

https://nvd.nist.gov/vuln/detail/CVE-2022-48285
https://github.com/Stuk/jszip/commit/2edab366119c9ee948357c02f1206c28566cdf15
https://github.com/Stuk/jszi…

[froxlor/froxlor] Froxlor contains Weak Password Requirements

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/29/2023 02/01/2023

Weak Password Requirements in GitHub repository froxlor/froxlor prior to 2.0.10.
References

https://nvd.nist.gov/vuln/detail/CVE-2023-0564
https://github.com/froxlor/froxlor/commit/2a84e9c1207fd3d792b7fb198fd0c66fe1a66a7a
https://huntr.dev/bounties/a4…

[psiTurk] NYUCCL psiTurk vulnerable to Improper Neutralization of Special Elements

  • Posted in MODERATE
  • Posted by Wpmaster
  • 01/29/2023 02/01/2023

A vulnerability has been found in NYUCCL psiTurk up to 3.2.0 and classified as critical. This vulnerability affects unknown code of the file psiturk/experiment.py. The manipulation of the argument mode leads to improper neutralization of special elemen…
