25 matches found
CVE-2021-27285
An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell...
CVE-2020-27285
The default configuration of Crimson 3.1 Build versions prior to 3119.001 allows a user to be able to read and modify the database without authentication...
CVE-2025-27285
CVE-2025-27285 is a reflected XSS in WordPress plugin Easy Form by AYS, caused by improper input neutralization during web page generation. Affected: Easy Form by AYS (versions n/a–2.6.9). Impact per sources: potential user-facing cross-site scripting with HIGH severities (CVSS v3.1 ~7.1). Mitiga...
CVE-2025-27285 WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...
CVE-2025-27285 WordPress Easy Form by AYS Plugin <= 2.6.9 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ays Pro Easy Form easy-form allows Reflected XSS.This issue affects Easy Form: from n/a through = 2.6.9...
CVE-2023-27285
creationtimestamp| type| source ---|---|--- 2025-01-08 20:14:20+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/818...
CVE-2021-27285
An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell...
CVE-2021-27285
creationtimestamp| type| source ---|---|--- 2025-01-06 21:55:09+00:00| seen| https://infosec.exchange/users/cve/statuses/113783636569875480 2025-01-06 22:15:21+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lf45vh4vlw22 2025-01-06 22:38:46+00:00| seen|...
CVE-2021-27285
An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell...
CVE-2021-27285
An issue was discovered in Inspur ClusterEngine v4.0 that allows attackers to gain escalated Local privileges and execute arbitrary commands via /opt/tsce4/torque6/bin/getJobsByShell...
CVE-2021-27285
CVE-2021-27285 affects Inspur ClusterEngine v4.0. The issue allows attackers to gain escalated local privileges and execute arbitrary commands via the binary path /opt/tsce4/torque6/bin/getJobsByShell. The Red Hat and NVD entries corroborate the same description across multiple vendors, with no p...
Fedora 38 : rubygem-yard (2024-3744975c4b)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-3744975c4b advisory. A security flaw was found on rubygem-yard that documents generated by yard may be vulnerable to XSS attack. This issue is now assigned as CVE-2024-27285 . Th...
[SECURITY] [DLA 3753-1] yard security update
------------------------------------------------------------------------- Debian LTS Advisory DLA-3753-1 [email protected] https://www.debian.org/lts/security/ Adrian Bunk March 06, 2024 https://wiki.debian.org/LTS -...
Debian dsa-5635 : yard - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5635 advisory. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-5635-1...
Debian: Security Advisory (DSA-5635-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-27285
CVE-2024-27285 affects YARD, a Ruby documentation generator. The vulnerability lies in the generated frames.html, where inadequate sanitization in the JavaScript of the frames.erb template allowed Cross-Site Scripting (XSS). Public advisories (Debian, Fedora, Ubuntu, NVD) attribute the issue to Y...
CVE-2024-27285
creationtimestamp| type| source ---|---|--- 2024-02-28 18:14:40+00:00| published-proof-of-concept| https://github.com/lsegal/yard/security/advisories/GHSA-8mq4-9jjh-9xrc 2024-02-28 21:27:02+00:00| seen| https://t.me/ctinow/195884 2025-02-14 21:08:30+00:00| seen|...
CVE-2023-27285
CVE-2023-27285 affects IBM Aspera Connect and IBM Aspera Cargo at versions up to 4.2.5, with a buffer overflow caused by improper bounds checking. The impact is potential arbitrary code execution on the target system. The vulnerability is addressed by IBM’s remediation: upgrading to version 4.2.6...
CVE-2023-27285 IBM Aspera buffer overflow
IBM Aspera Connect 4.2.5 and IBM Aspera Cargo 4.2.5 is vulnerable to a buffer overflow, caused by improper bounds checking. An attacker could overflow a buffer and execute arbitrary code on the system. IBM X-Force ID: 248625...
Security Bulletin: IBM Aspera Connect and IBM Aspera Cargo has addressed multiple vulnerabilities (CVE-2023-22862, CVE-2023-27285)
Summary This Security Bulletin addresses security vulnerabilities that have been remediated in IBM Aspera Connect 4.2.6 and IBM Aspera Cargo 4.2.6. Vulnerability Details CVEID:CVE-2023-22862 DESCRIPTION: IBM Aspera Connect and IBM Aspera Cargo transmits authentication credentials, but it uses an...