64 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Didier Sampaolo SpamReferrerBlock plugin = 2.22 versions...
GeoServer Code Issues Vulnerabilities
GeoServer is an open source software server written in Java. It allows users to share and edit geospatial data. A security vulnerability exists in GeoServer versions 2.22.x prior to 2.22.5 and 2.23.x prior to 2.23.2 that originates from allowing users to share and edit geospatial data...
PT-2023-10310 · Gnu +1 · Glibc +1
Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.22 Description: The issue in the GNU C Library glibc might allow context-dependent attackers to cause a denial of service, resulting in an application crash. This can be demonstrated by using the fnmatch library...
Schneider Electric EcoStruxure Power Commission 路径遍历漏洞
Schneider Electric EcoStruxure Power Commission is a comprehensive software from Schneider Electric France that provides powerful features for setting up, testing, and commissioning low-voltage distribution cabinets. A path traversal vulnerability exists in Schneider Electric EcoStruxure Power...
Schneider Electric EcoStruxure Power Build 路径遍历漏洞
Schneider Electric EcoStruxure Power Build is a power distribution management software from Schneider Electric, France. The software helps users design, build, commission, operate and maintain electrical installations. A path traversal vulnerability exists in versions of Schneider Electric...
PT-2022-3485 · Schneider Electric · Ecostruxure Power Commission
Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Commission versions prior to V2.22 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability. This could allow a remote attacker to...
PT-2022-3480 · Schneider Electric · Ecostruxure Power Commission
Name of the Vulnerable Software and Affected Versions: EcoStruxure Power Commission versions prior to V2.22 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability. This could allow a remote attacker to...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2162 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2162 Source advisory: OSV:GHSA-CRG2-6XV3-QG5F...
ColumnPack:ColumnPack-plugin (=1.0.3), CustomHistory:CustomHistory (>=1.1 <=1.3) +1593 more potentially affected by CVE-2020-2161 via org.jenkins-ci.main:jenkins-core (>=1.396 <=2.22)
org.jenkins-ci.main:jenkins-core MAVEN version =1.396, =1.1, =0.0.1, =1.0, =1.0, =0.0.1, =0.1.0, =1.0, =0.9, =1.3, =1.0.5.0, =1.0.6.1 and more Source cves: CVE-2020-2161 Source advisory: OSV:GHSA-G8PG-QRVM-WGH2...
CVE-2021-37461
Cross Site Scripting XSS exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= reflected...
CVE-2021-37458
Cross Site Scripting XSS exists in NCH Axon PBX v2.22 and earlier via the primary phone field stored...
CVE-2021-37454
Cross Site Scripting XSS exists in NCH Axon PBX v2.22 and earlier via the line name stored...
CVE-2020-10517
An improper access control vulnerability was identified in GitHub Enterprise Server that allowed authenticated users of the instance to determine the names of unauthorized private repositories given their numerical IDs. This vulnerability did not allow unauthorized access to any repository conten...
CVE-2020-10518
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...
Remote code execution
A remote code execution vulnerability was identified in GitHub Enterprise Server that could be exploited when building a GitHub Pages site. User-controlled configuration of the underlying parsers used by GitHub Pages were not sufficiently restricted and made it possible to execute commands on the...
CVE-2020-5260
CVE-2020-5260 affects Git by newline-injection in the credential helper protocol, enabling a crafted URL to exfiltrate credentials from one host to another. Affected Git releases were patched in April 2020; fixes are in 2.17.4, 2.18.3, 2.19.4, 2.20.3, 2.21.2, 2.22.3, 2.23.2, 2.24.2, 2.25.3, 2.26....
CVE-2018-17926
The product M2M ETHERNET FW Versions 2.22 and prior, ETH-FW Versions 1.01 and prior is vulnerable in that an attacker can upload a malicious language file by bypassing the user authentication mechanism...
ABB M2M ETHERNET Improper Authentication Vulnerability
ABB M2M ETHERNET is a network analysis device from ABB Switzerland. An authorization issue vulnerability exists in ABB M2M ETHERNET FW version 2.22 and earlier and ETH-FW version 1.01 and earlier. An attacker can exploit this vulnerability to upload malicious language files...
ABB M2M ETHERNET
1. EXECUTIVE SUMMARY CVSS v3 6.3 ATTENTION: Exploitable from an adjacent network/low skill level to exploit Vendor: ABB Equipment: M2M ETHERNET Vulnerability: Improper Authentication 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to upload a malicious...
Out-of-bounds
The fnmatch function in the GNU C Library aka glibc or libc6 before 2.22 might allow context-dependent attackers to cause a denial of service application crash via a malformed pattern, which triggers an out-of-bounds read...