dolibarr/dolibarr is vulnerable to privilege escalation. The vulnerability exists due to improper authorization checks in the library, allowing an attacker to escalate privileges via a crafted API call, ...
November 18, 2022
** UNSUPPORTED WHEN ASSIGNED ** In the default configuration of Apache SOAP, an RPCRouterServlet is available without authentication. This gives an attacker the possibility to invoke methods on the cl ...
November 18, 2022
Concrete CMS is vulnerable to CSRF due to the lack of a "State" parameter for the external Concrete authentication service for users of Concrete who use the "out of the box" core OAuth.
November 17, 2022
Summary: There is a vulnerability in IBM WebSphere Application Server Liberty used by Rational Asset Analyzer. This vulnerability is located in the GraphQL Java library used by IBM WebSphere Applica ...
November 17, 2022
This Metasploit module exploits the Git fetch command in the Gitea repository migration process to allow for remote command execution on the system. This vulnerability affects Gitea versions prior to 1 ...
November 17, 2022
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:5904 advisory. Note that Nessus has not tested for this issue but has instead rel ...
November 17, 2022
soap is vulnerable to untrusted data deserialization. The vulnerability exists due to lack of authentication in `RPCRouterServlet`, which allows an attacker to execute arbitrary code on the system.
November 16, 2022