Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the browser history of the client and in log files of the web server or reverse proxy server. A possible attacker with access to the browser history or the server log files is able to take control of the user session with the help of the session ID. Versions prior to 18.4.2 are affected.
45d877f2bc8d1d68f308fad7fe918c90f982d284964eee41b93805a3c6fb1ad2OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality.
f3e63ffea1416dffa063591f3a4d64e9cd1199687a6d7273f62fcad46fd75f81ERPNext versions 12.18.0 and 13.0.0 suffer from reflective and persistent cross site scripting vulnerabilities.
699a6d07a77fc3e81b2deafe5caea2a355ca696143d694138925ef128a29180bERPNext versions 12.18.0 and 13.0.0 suffer from an authenticated remote SQL injection vulnerability.
523163a0deb062c88867d1adebaf1f37f29d520b23f43bd038e1cf829c50a149Rocket.Chat versions 3.7.1 and below suffers from an email address enumeration vulnerability.
023ad89f274a1ee4b96e849967a0021876dca5479963125bc3acb45d9a8cf6faMensaMax version 4.3 performs unencrypted transmission and usage of a hardcoded encryption key.
3cd8065dd48d7d82f5cade11787b7892f6cea9251b6c9ac1fc349fe44dde5884Dolibarr version 4.0.4 suffers from cross site scripting, weak hashing, weak password change, and remote SQL injection vulnerabilities.
67e466b14aa97ac21950629117eb4c52ee558b2a3430fa6644da1913cbe9299e
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed