Monthly Archives: April 2022

Advisories

CVE-2020-13590

Read Time:17 Second

Multiple exploitable SQL injection vulnerabilities exist in the ‘entities/fields’ page of the Rukovoditel Project Management App 2.7.2. A specially crafted HTTP request can lead to SQL injection. An attacker can make authenticated HTTP requests to trigger these vulnerabilities, this can be done either with administrator credentials or through cross-site request forgery.

Read More

Advisories

CVE-2020-13567

Read Time:10 Second

Multiple SQL injection vulnerabilities exist in phpGACL 3.3.7. A specially crafted HTTP request can lead to a SQL injection. An attacker can send an HTTP request to trigger this vulnerability.

Read More

Advisories

CVE-2020-13495

Read Time:20 Second

An exploitable vulnerability exists in the way Pixar OpenUSD 20.05 handles file offsets in binary USD files. A specially crafted malformed file can trigger an arbitrary out-of-bounds memory access that could lead to the disclosure of sensitive information. This vulnerability could be used to bypass mitigations and aid additional exploitation. To trigger this vulnerability, the victim needs to access an attacker-provided file.

Read More

Advisories

CVE-2011-1762

Read Time:12 Second

A flaw exists in WordPress related to the ‘wp-admin/press-this.php ‘script improperly checking user permissions when publishing posts. This may allow a user with ‘Contributor-level’ privileges to post as if they had ‘publish_posts’ permission.

Read More