In PrestaShop from version 22.214.171.124 and before version 126.96.36.199, the authentication system is malformed and an attacker is able to forge requests and execute admin commands. The problem is fixed in 188.8.131.52.
In PrestaShop from version 184.108.40.206 and before version 220.127.116.11, if a target sends a corrupted file, it leads to a reflected XSS. The problem is fixed in 18.104.22.168.
In PrestaShop from version 22.214.171.124 and before version 126.96.36.199, the dashboard allows rewriting all configuration variables. The problem is fixed in 188.8.131.52.
In PrestaShop from version 184.108.40.206 and before 220.127.116.11, there is information exposure in the upload directory. The problem is fixed in version 18.104.22.168. A possible workaround is to add an empty index.php file in the upload directory.
In PrestaShop from version 22.214.171.124 and before version 126.96.36.199, there is a stored XSS when using the name of a quick access item. The problem is fixed in 188.8.131.52.
IBM Security Identity Manager Virtual Appliance 7.0.2 stores user credentials in plain clear text, which can be read by a local user. IBM X-Force ID: 171512.
IBM Security Identity Manager Virtual Appliance 7.0.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending an http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link and the attacker can then obtain the cookie value by snooping the traffic. IBM X-Force ID: 172014.
openSIS through 7.4 allows Directory Traversal.
openSIS through 7.4 allows SQL Injection.
openSIS before 7.4 allows SQL Injection.