In Apache Impala before 3.0.1, ALTER TABLE/VIEW RENAME required ALTER on the old table. Missing authorization check in Apache Impala before 3.0.1 allows a Kerberos-authenticated but unauthorized user to inject random data into a running query, leading to wrong results for a query. Showing those credentials in clear text form for every user who has access just to the process list. This could lead to undesirable situations such as passphrases credentials passed as a parameter for the ssh-keygen executable. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim to supply malicious HTML or JavaScript code to WebAccess, which is then reflected back to the victim and executed by the web browser. Ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager. Ansible "User" module leaks any data which is passed on as a parameter to ssh-keygen. dll component that is susceptible to external control of file name or path vulnerability, which may allow an arbitrary file deletion when processing. Advantech WebAccess 8.3.1 and earlier has a path traversal vulnerability which may allow an attacker to execute arbitrary code. Advantech WebAccess 8.3.1 and earlier has several stack-based buffer overflow vulnerabilities that have been identified, which may allow an attacker to execute arbitrary code. Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. A remote authenticated attacker could potentially exploit this vulnerability by sending a crafted HTTP request to broadweb/system/opcImg.asp. Advantech WebAccess 8.3.1 and earlier has a.
The "runtar" setuid root binary does not check for additional arguments supplied after -create, allowing users to manipulate commands and perform command injection as root. Advantech WebAccess 8.3.1 and earlier has an improper privilege management vulnerability, which may allow an attacker to access those files and perform actions at a system administrator level. Advantech WebAccess 8.3.2 and below is vulnerable to a stack buffer overflow vulnerability. A user with backup privileges can trivially compromise a client installation. It runs binaries with root permissions when parsing the command line argument -star-path. An issue was discovered in Amanda 3.3.1. Amstar is an Amanda Application API script. Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'. advanced_maryland_automatic_network_disk_archiver - advanced_maryland_automatic_network_disk_archiver An issue was discovered in Amanda 3.3.1.