Tag: Security
-
CVE-2025-24526
Description: Mattermost versions 10.1.x <= 10.1.3, 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to restrict channel export of archived channels when the “Allow users to view archived channels” setting is disabled, which allows a user to export channel contents when they shouldn’t have access to them. References: https://mattermost.com/security-updates Server management…
-
CVE-2025-25279
Description: Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards, which allows an attacker to read any arbitrary file on the system by importing and exporting a specially crafted import archive in Boards. References: https://mattermost.com/security-updates
-
CVE-2023-52926
Description: In the Linux kernel, the following vulnerability has been resolved: IORING_OP_READ did not correctly consume the provided buffer list when read I/O returned < 0 (except for -EAGAIN and -EIOCBQUEUED return). This can lead to a potential use-after-free when the completion via io_rw_done runs in a separate context. References: https://git.kernel.org/stable/c/a08d195b586a217d76b42062f88f375a3eedda4d https://git.kernel.org/stable/c/72060434a14caea20925e492310d6e680e3f9007 https://git.kernel.org/stable/c/6c27fc6a783c8a77c756dd5461b15e465020d075
-
CVE-2025-1488
Description: The WPO365 | MICROSOFT 365 GRAPH MAILER plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 3.2. This is due to insufficient validation of the redirect URL supplied via the ‘redirect_to’ parameter. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if 1.…
-
CVE-2024-5174
Details
Source: Mitre, NVD
Published: 2025-02-24
Updated: 2025-02-24
Risk Information
CVSS v2 Base Score: 7.5; Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P; Severity: High
CVSS v3 Base Score: 7.5; Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N; Severity: High
CVSS v4 Base Score: 5.3; Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N; Severity: Medium
-
CVE-2025-0545
Description: Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Tekrom Technology T-Soft E-Commerce allows Cross-Site Scripting (XSS). This issue affects T-Soft E-Commerce: before v5. References: https://www.usom.gov.tr/bildirim/tr-25-0041
-
CVE-2025-1632
Description: A vulnerability was found in libarchive up to 3.7.7. It has been classified as problematic. This affects the function list of the file bsdunzip.c. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.…
-
CVE-2024-12916
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Agito Computer Life4All allows SQL Injection. This issue affects Life4All: before 10.01.2025. References: https://www.usom.gov.tr/bildirim/tr-25-0042
-
CVE-2024-12917
Description: Files or Directories Accessible to External Parties vulnerability in Agito Computer Health4All allows Exploiting Incorrectly Configured Access Control Security Levels, Authentication Abuse. This issue affects Health4All: before 10.01.2025. References: https://www.usom.gov.tr/bildirim/tr-25-0042
-
CVE-2024-12918
Description: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Agito Computer Health4All allows SQL Injection. This issue affects Health4All: before 10.01.2025. References: https://www.usom.gov.tr/bildirim/tr-25-0042