Common Vulnerabilities and Exposures

Authenticated directory traversal and local file inclusion in Observium via different parameter

Authenticated directory traversal and local file inclusion in Observium allows reading server files

SQL injection in Observium via different injection point allows database attacks

Cross-site scripting in Observium network monitoring platform allows script injection

SQL injection in Observium network monitoring platform allows database manipulation

Cross-site scripting in SilverStripe Advanced Reports Module allows script injection

Przepełnienie pamięci w Microsoft Edge (EdgeHTML) umożliwia zdalne wykonanie kodu przez spreparowaną zawartość webową

DLL hijacking in touchpad driver allows local attackers to execute arbitrary code with elevated privileges

Insecure direct object reference in ACF to REST API WordPress plugin allows unauthorized data access via permalink manipulation

Unauthenticated server-side request forgery in Bitrix CRM allows attackers to access internal systems

Cross-site scripting with WAF bypass in Bitrix CRM allows script injection despite security controls

Remote command execution via unrestricted file upload in ExpressionEngine allows arbitrary code execution

Directory traversal in Apache Wicket allows reading Wicket markup source files from the server

Remote stored XSS via attachment name in Afterlogic WebMail Pro 8.3.11 allows persistent script injection

Eskalacja uprawnień w F5 BIG-IP - użytkownik przejmuje kontrolę nad systemem