Güncel Güvenlik Açıkları

OpenIAM before 4.2.0.3 allows remote attackers to execute arbitrary code via Groovy Script. Devamını Oku

OpenIAM before 4.2.0.3 does not verify if a user has permissions to perform /webconsole/rest/api/* administrative actions. Devamını Oku

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. Devamını Oku

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. Devamını Oku

OpenIAM before 4.2.0.3 allows XSS in the Add New User feature. Devamını Oku

OpenIAM before 4.2.0.3 allows Directory Traversal in the Batch task. Devamını Oku

ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header. Devamını Oku

Union Pay up to 3.4.93.4.9, for android, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. Devamını Oku

Union Pay up to 3.3.12, for iOS mobile apps, contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. Devamını Oku

Union Pay up to 1.2.0, for web based versions contains a CWE-347: Improper Verification of Cryptographic Signature vulnerability, allows attackers to shop for free in merchants' websites and mobile apps, via a crafted authentication code (MAC) which is generated based on a secret key which is NULL. Devamını Oku

Redmine before 3.4.13 and 4.x before 4.0.6 mishandles markup data during Textile formatting. Devamını Oku

Redmine before 4.0.7 and 4.1.x before 4.1.1 has XSS via the back_url field. Devamını Oku