19 matches found
HPE System Management - Cross-Site Scripting
HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...
CVE-2024-12544
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJSDeleteFile class in all versions up to, and includin...
CVE-2024-12544
creationtimestamp | type | source
---|---|---
2025-03-01 08:27:06+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/6059
2025-03-01 09:48:04+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114086542311660523
2025-03-01 10:35:34+00:00 | seen | ...
CVE-2024-12544
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJSDeleteFile class in all versions up to, and includin...
CVE-2024-12544
Summary (supported by provided docs): CVE-2024-12544 affects the SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress. The vulnerability arises from a missing capability check in the SurveyJS_DeleteFile callback, enabling an authenticated user with Subscriber-level access or higher t...
CVE-2024-12544 SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity <= 1.12.17 - Missing Authorization to Authenticated (Subscriber+) Arbitrary File Deletion via SurveyJS_DeleteFile
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to arbitrary file deletion due to a missing capability check on the callback function of the SurveyJSDeleteFile class in all versions up to, and includin...
HPE System Management Homepage Issue (CVE-2017-12544) - Ver2
A vulnerability exists in HPE System Management Homepage. Successful exploitation of this vulnerability could allow a remote attacker to damage users system...
Moderate: Red Hat Security Advisory: Red Hat OpenShift Application Runtimes security and bug fix update
An update is now available for Red Hat OpenShift Application Runtimes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...
be.fluid-it.reactive-microservice.bundle:bootique-vertx (=0.1-8), be.fluid-it.reactive-microservice.bundle:reactive-microservice-bundle-core (=0.1-8) +762 more potentially affected by CVE-2018-12544 via io.vertx:vertx-core (>=3.5.0 <=3.5.3.CR1)
io.vertx:vertx-core MAVEN version =3.5.0, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.2, =0.4.5 and more Source cves: CVE-2018-12544 Source advisory: OSV:GHSA-QH3M-QW6V-QVHG...
CVE-2018-12544
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
CVE-2018-12544
In version from 3.5.Beta1 to 3.5.3 of Eclipse Vert.x, the OpenAPI XML type validator creates XML parsers without taking appropriate defense against XML attacks. This mechanism is exclusively when the developer uses the Eclipse Vert.x OpenAPI XML type validator to validate a provided schema...
CVE-2018-12544
CVE-2018-12544 affects Eclipse Vert.x OpenAPI XML type validator (versions 3.5.Beta1–3.5.3). The vulnerability stems from creating XML parsers without proper defenses against XML attacks, enabling XML External Entity (XXE) exploitation. Public references (Veracode, Red Hat advisory RHSA-2018:2946...
HPE System Management Homepage Cross-site Scripting (CVE-2017-12544) - Ver2
A cross-site scripting vulnerability exists in HPE System Management Homepage. Successful exploitation of this vulnerability would allow remote attackers to inject arbitrary web script into the affected system...
Appear TV XC Hardware Maintenance Centre Directory Traversal
CVE-2018-7539 Directory Traversal on Appear TV Maintenance centre 8088 Discoverer: Arqiva Threat Team Person Karl W Product: Appear TV XC Hardware Maintenance Centre on port TCP/8088 Vendor : Appear TV Code Versions: All Version Vulnerability: Directory Traversal Impact: It is possible to read OS...
HPE System Management 7.6.0.11 Cross Site Scripting
Product: HPE System Management Homepage Versions: 7.6.0.11 and minor versions Vulnerability: JavaScript Injection in file gsearch.php, parameter prod OWASP TOP 10: A1 Injection Type: Javascript Injection Impact: Allows an attacker to perform an XSS Cross-Site Scripting attack, execute arbitrary...
CVE-2017-12544
CVE-2017-12544 concerns HPE System Management Homepage (SMH) prior to version 7.6.1, where a cross-site scripting (XSS) vulnerability allows an attacker to execute arbitrary script in a user’s browser (in the context of the affected site) and could enable cookie-based credential theft. The Nuclei...
HP/HPE System Management Homepage (SMH) Multiple Remote Vulnerabilities (HPESBMU03753)
HP/HPE System Management Homepage SMH is prone to multiple vulnerabilities. Copyright (C) 2017 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is...
Fedora Update for community-mysql FEDORA-2015-12544
The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2020-12544
CVE-2020-12544 entry is rejected/not used; it does not represent an active vulnerability.