An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the supplierUID parameter. An attacker can make an authenticated HTTP request…

An exploitable SQL injection vulnerability exists in ‘getAssets.jsp’ page of OpenClinic GA 5.173.3 in the serviceUID parameter. An attacker can make an authenticated HTTP request…

In Liberty lisPBX 2.0-4, configuration backup files can be retrieved remotely from /backup/lispbx-CONF-YYYY-MM-DD.tar or /backup/lispbx-CDR-YYYY-MM-DD.tar without authentication or authorization. These configuration files have all PBX…

pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. Devamını Oku

IBM Jazz Team Server products are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus…

IBM Jazz Team Server products contain an undisclosed vulnerability that could allow an authenticated user to present a customized message on the application which could…

IBM Jazz Team Server products use weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 192422.…

An Origin Validation Error vulnerability in Bitdefender Safepay allows an attacker to manipulate the browser's file upload capability into accessing other files in the same…

Usage of specific command line parameter in MongoDB Tools which was originally intended to just skip hostname checks, may result in MongoDB skipping all certificate…

An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote…