rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without…

An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to…

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary…

An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to…

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary…

Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated…

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users…

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note…

The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP…

The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka…