In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.34.0, the `TokenRevocationHandler` ignores errors coming from the storage. This can lead to unexpected 200 status codes indicating successful...
In ORY Fosite (the security first OAuth2 & OpenID Connect framework for Go) before version 0.31.0, when using "private_key_jwt" authentication the uniqueness of the `jti` value is not checked. When using client authentication method...
In PrestaShop from version 1.5.0.0 and before version 1.7.6.8, users are allowed to send compromised files. These attachments allowed people to input malicious JavaScript which triggered an XSS payload. The problem is fixed in...
In PrestaShop from version 1.6.0.4 and before version 1.7.6.8 an attacker is able to inject javascript while using the contact form. The problem is fixed in 1.7.6.8 Date published : 2020-09-24 https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-5cp2-r794-w37w https://github.com/PrestaShop/PrestaShop/commit/562a231fec18a928e4a601860416fe11af274672
PrestaShop from version 1.7.5.0 and before version 1.7.6.8 is vulnerable to a blind SQL Injection attack in the Catalog Product edition page with location parameter. The problem is fixed in 1.7.6.8 Date published :...
vm/opcodes.c in JerryScript 2.2.0 allows attackers to hijack the flow of control by controlling a register. Date published : 2020-09-24 https://github.com/googleprojectzero/fuzzilli#JerryScript https://github.com/jerryscript-project/jerryscript/issues/3858
Parameter psClass in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this...
Parameter AttFilterValue in ednareporting.asmx is vulnerable to unauthenticated SQL injection attacks. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. An attacker can send unauthenticated HTTP requests to trigger this...
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstanceName in CHaD.asmx...
SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter ClassName in CHaD.asmx is...
An SQL injection vulnerability exists in the CHaD.asmx web service functionality of eDNA Enterprise Data Historian 3.0.1.2/7.5.4989.33053. Specially crafted SOAP web requests can cause SQL injections resulting in data compromise. Parameter InstancePath in CHaD.asmx...
Pexip Infinity before 23.4 has a lack of input validation, leading to temporary denial of service via H.323. Date published : 2020-09-24 https://docs.pexip.com/admin/security_bulletins.htm https://www.pexip.com
ismartgate PRO 1.5.9 is vulnerable to clickjacking. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf
ismartgate PRO 1.5.9 is vulnerable to malicious file uploads via the form for uploading sounds to garage doors. The magic bytes for WAV must be used. Date published : 2020-09-24 https://ismartgate.com/secure-garage-door/ https://kth.diva-portal.org/smash/get/diva2:1464458/FULLTEXT01.pdf