Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-1114 PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the filter parameter to cmd.php in an export and exporter_id action, and in the filteruid parameter to list.php.
CVE-2012-1115 PUBLISHED: 2019-12-05
A Cross-Site Scripting (XSS) vulnerability exists in LDAP Account Manager (LAM) Pro 3.6 in the export, add_value_form, and dn parameters to cmd.php.
CVE-2012-1592 PUBLISHED: 2019-12-05
A local code execution issue exists in Apache Struts2 when processing malformed XSLT files, which could let a malicious user upload and execute arbitrary files.
CVE-2019-16770 PUBLISHED: 2019-12-05
A poorly-behaved client could use keepalive requests to monopolize Puma's reactor and create a denial of service attack. If more keepalive connections to Puma are opened than there are threads available, additional connections will wait permanently if the attacker sends requests frequently enough.
CVE-2019-19609 PUBLISHED: 2019-12-05
The Strapi framework before 3.0.0-beta.17.8 is vulnerable to Remote Code Execution in the Install and Uninstall Plugin components of the Admin panel, because it does not sanitize the plugin name, and attackers can inject arbitrary shell commands to be executed by the execa function.
User Rank: Ninja
8/10/2015 | 1:03:41 PM
Worst case scenario should have been losing data since the previous night's backup. Sounds like they were using MS Word and QuickBooks to run the business. What a joke.