Tagged: Cybersecurity Alert

In Search Guard FLX versions 3.1.2 and earlier, while Document-Level Security (DLS) is correctly enforced elsewhere, when the search is triggered from a Signals watch, the DLS rule is not enforced, allowing access to...

Rockwell Automation Arena® suffers from a stack-based buffer overflow vulnerability. The specific flaw exists within the parsing of DOE files. Local attackers are able to exploit this issue to potentially execute arbitrary code on...

QuickCMS is vulnerable to multiple Stored XSS in language editor functionality (languages). Malicious attacker with admin privileges can inject arbitrary HTML and JS into website, which will be rendered/executed on every page. By default...

Authorization Bypass Through User-Controlled Key, Weak Password Recovery Mechanism for Forgotten Password, Authentication Bypass by Assumed-Immutable Data vulnerability in Optimus Software Brokerage Automation allows Exploiting Trust in Client, Authentication Bypass, Manipulate Registry Information.This issue...

The School Management System – WPSchoolPress plugin for WordPress is vulnerable to SQL Injection via the ‘SCodes’ parameter in all versions up to, and including, 2.2.23 due to insufficient escaping on the user supplied...

Mattermost versions 10.11.x

Mattermost versions

Mattermost versions

Mattermost versions 10.11.x

Mattermost versions

The Creta Testimonial Showcase WordPress plugin before 1.2.4 is vulnerable to Local File Inclusion. This makes it possible for authenticated attackers, with editor-level access and above, to include and execute arbitrary files on the...

Improper neutralization of special elements used in an OS command (‘OS Command Injection’) issue exists in NCP-HG100 1.4.48.16 and earlier. If exploited, a remote attacker who has obtained the authentication information to log in...

IQ-Support developed by IQ Service International has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to download arbitrary system files. More information : https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html

IQ-Support developed by IQ Service International has a Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to access specific APIs to obtain sensitive information from the internal network. More information : https://www.twcert.org.tw/en/cp-139-10502-11c6d-2.html