84 matches found
MiracleLinux 7 : tomcat-7.0.76-9.el7 (AXSA:2019-3775:01)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-3775:01 advisory. Security Fix - Apache Tomcat URL URL CVE-2018-11784 CVEJVNhttp://jvndb.jvn.jp/ Tenable has extracted the preceding description block directly from the...
CVE-2019-11784
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
CVE-2024-11784
The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-11784 Sell Tickets Online – TicketSource Ticket Shop for WordPress <= 3.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Sell Tickets Online – TicketSource Ticket Shop for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ticketshop' shortcode in all versions up to, and including, 3.0.2 due to insufficient input sanitization and output escaping on user supplied...
CVE-2024-11784
CVE-2024-11784 affects the TicketSource Ticket Shop (Sell Tickets Online – TicketSource) WordPress plugin. Per connected documents, all versions up to 3.0.2 are vulnerable to a Stored Cross-Site Scripting (XSS) via the plugin shortcode ticketshop due to insufficient input sanitization and output ...
Apache Tomcat 9.0.0.M1 < 9.0.12
The version of Tomcat installed on the remote host is prior to 9.0.12. It is, therefore, affected by a vulnerability as referenced in the fixed_in_apache_tomcat_9.0.12_security-9 advisory. - When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90...
K64921482: Apache Tomcat vulnerability CVE-2018-11784
Security Advisory Description: When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be...
SUSE CVE-2018-11784
When the default servlet in Apache Tomcat versions 9.0.0.M1 to 9.0.11, 8.5.0 to 8.5.33 and 7.0.23 to 7.0.90 returned a redirect to a directory (e.g. redirecting to '/foo/' when the user requested '/foo'), a specially crafted URL could be used to cause the redirect to be generated to any URI of the...
CVE-2018-11784

creationtimestamp| type| source
---|---|---
2021-09-21 04:42:16+00:00| seen| https://t.me/pwnwikizhchannel/768
2024-01-09 09:36:31+00:00| seen| https://t.me/ctinow/164877
2026-01-20 10:25:51+00:00| seen| https://gist.github.com/christiankopac/0797838ab2b306060a09390db0528458...

Apache Tomcat 9.0.0.M1 - Open Redirect
Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect Date: 10/04/2018 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 CVE : CVE-2018-11784 Proof of Concept: Identify a subfolder within your application http://example.com/test/...
Apache Tomcat 9.0.0M1 Open Redirect
Exploit Title: Apache Tomcat 9.0.0.M1 - Open Redirect Date: 10/04/2018 Exploit Author: Central InfoSec Version: Apache Tomcat 9.0.0.M1 to 9.0.0.11, 8.5.0 to 8.5.33, and 7.0.23 to 7.0.90 CVE : CVE-2018-11784 Proof of Concept: Identify a subfolder within your application http://example.com/test/...
Security Bulletin: Vulnerability in Apache Tomcat affects IBM Platform Symphony
Summary This interim fix provides instructions on upgrading Apache Tomcat from v6.0.43 to v8.5.37 in IBM Platform Symphony 7.1 Fix Pack 1 in order to address security vulnerability CVE-2018-11784 in Apache Tomcat. Vulnerability Details CVE-ID: CVE-2018-11784 Description: Apache Tomcat could allow...
SUSE: Security Advisory (SUSE-SU-2018:3935-1)
The remote host is missing an update for the...
Security Bulletin: Security vulnerabilities in Apache Tomcat affect multiple IBM Rational products based on IBM's Jazz technology
Summary: The Jazz Team Server is shipped with or supports versions of the Apache Tomcat web server which contain security vulnerabilities that could potentially impact the following IBM Rational products deployed on Apache Tomcat: Collaborative Lifecycle Management (CLM), Rational DOORS Next...
SUSE: Security Advisory (SUSE-SU-2018:3393-1)
The remote host is missing an update for the...
SUSE: Security Advisory (SUSE-SU-2018:3388-1)
The remote host is missing an update for the...
CentOS 8 : pki-deps:10.6 (CESA-2019:1529)
The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2019:1529 advisory. - tomcat: Open redirect in default servlet CVE-2018-11784 - tomcat: Insecure defaults in CORS filter enable 'supportsCredentials' for all origins...
CVE-2019-11784

creationtimestamp| type| source
---|---|---
2020-12-22 20:53:13+00:00| seen| https://t.me/cibsecurity/21166...

CVE-2019-11784
Improper access control in mail module notifications in Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, allows remote authenticated users to obtain access to arbitrary messages in conversations they were not a party to...
CVE-2019-11784
Summary: CVE-2019-11784 affects Odoo Community 14.0 and earlier and Odoo Enterprise 14.0 and earlier, due to improper access control in the mail module (notifications). What is affected: The mail/notifications component of Odoo (both Community and Enterprise 14.x) with the described versions. Roo...