Monthly Archive: November 2020

CVE-2020-26809

SAP Commerce Cloud, versions 1808, 1811, 1905, 2005, allows an attacker to bypass existing authentication and permission checks via the '/medias' endpoint, thereby gaining access to Secure Media folders. These folders could contain sensitive files that results...

CVE-2020-26808

SAP AS ABAP (DMIS), versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (DMIS), versions 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function...

CVE-2020-26807

SAP ERP Client for E-Bilanz, version 1.0, sets incorrect default filesystem permissions in its installation folder, which allows anyone to modify the files in the folder. Date published: 2020-11-10...

CVE-2020-25074

The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution....

CVE-2020-24384

A10 Networks ACOS and aGalaxy management Graphical User Interfaces (GUIs) have an unauthenticated Remote Code Execution (RCE) vulnerability that could be used to compromise affected ACOS systems. ACOS versions 3.2.x (including and after 3.2.2),...

CVE-2020-23968

Ilex International Sign&go Workstation Security Suite 7.1 allows elevation of privileges via a symlink attack on ProgramDataIlexS&GLogs00-sngWSService1.log. Date published: 2020-11-10 http://ilex.com http://signgo.com

CVE-2020-16127

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, would perform unbounded read operations on user-controlled ~/.pam_environment files, allowing an infinite loop if /dev/zero is symlinked to this location. Date published...

CVE-2020-16126

An Ubuntu-specific modification to AccountsService in versions before 0.6.55-0ubuntu13.2, among other earlier versions, improperly dropped the ruid, allowing untrusted users to send signals to AccountsService, thus stopping it from handling D-Bus messages in a...

CVE-2020-13927

The previous default setting for Airflow’s Experimental API was to allow all API requests without authentication, but this poses security risks to users who miss this fact. From Airflow 1.10.11 the default has been...

CVE-2020-12485

The frame touch module does not validate parameter lengths when processing specific parameters, which can cause out-of-bounds memory access. The vulnerability eventually leads to a local DoS on the device....