SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Date published : 2018-04-10 http://www.securityfocus.com/bid/103727 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
SAP Disclosure Management 10.1 does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. Date published : 2018-04-10 http://www.securityfocus.com/bid/103727 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. Date published : 2018-04-10 http://www.securityfocus.com/bid/103704 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
Improper session management when using SAP Cloud Platform 2.0 (Connectivity Service and Cloud Connector). Under certain conditions, data of some other user may be shown or modified when using an application built on top...
Improper Session Management in SAP Business Objects, 4.0, from 4.10, from 4.20, 4.30, CMC/BI Launchpad/Fiorified BI Launchpad. In case of password change for a user, all other active sessions created using older password continues...
Unquoted windows search path (directory/path traversal) vulnerability in Crystal Reports Server, OEM Edition (CRSE), 4.0, 4.10, 4.20, 4.30, startup path. Date published : 2018-04-10 http://www.securityfocus.com/bid/103719 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. Date published : 2018-04-10 http://www.securityfocus.com/bid/103703 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
SAP Disclosure Management 10.1 allows an attacker to upload any file without proper file format validation. Date published : 2018-04-10 http://www.securityfocus.com/bid/103727 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018/
Under certain conditions, SAP Disclosure Management 10.1 allows an attacker to access information which would otherwise be restricted. It is possible for an authorized user to get SAP Disclosure Management to point a specific...
The decode_init function in libavcodec/utvideodec.c in FFmpeg through 3.4.2 allows remote attackers to cause a denial of service (out of array read) via an AVI file. Date published : 2018-04-10 http://www.securityfocus.com/bid/103732 https://www.debian.org/security/2018/dsa-4249
The Video Downloader professional extension before 2018-04-05 for Chrome has Universal XSS (UXSS) via vectors related to a link64_msgAddLinks event. Date published : 2018-04-10 https://bugs.chromium.org/p/project-zero/issues/detail?id=1555
An information disclosure vulnerability exists in the iConfig proxy request of Zabbix server 2.4.X. A specially crafted iConfig proxy request can cause the Zabbix server to send the configuration information of any Zabbix proxy,...
The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. Date published : 2018-04-09 3CX Free Live Chat, Calls & WhatsApp https://www.gubello.me/blog/wp-live-chat-support-8-0-05-stored-xss/
util.c in runV 1.0.0 for Docker mishandles a numeric username, which allows attackers to obtain root access by leveraging the presence of an initial numeric value on an /etc/passwd line, and then issuing a...