In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.

An issue was discovered in the byte_struct crate before 0.6.1 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block. Note that both the previously published prerequisites for CVE-2020-9484 and the previously published mitigations for CVE-2020-9484 also apply to this issue.

An issue was discovered in the bam crate before 0.1.3 for Rust. to 7.0.107 with a configuration edge case that was highly unlikely to be used, the Tomcat instance was still vulnerable to CVE-2020-9494. The fix for CVE-2020-9484 was incomplete. The fixed version is FTA_9_12_444 and later. Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint.