39 matches found
Znuny 安全漏洞
Znuny is a ticket system of the Znuny company. Version 6.5.x of Znuny contains a security vulnerability. This vulnerability stems from improper handling of the OTRSCustomerInterface parameter in the customer.pl endpoint, which may lead to cross-site scripting attacks...
EUVD-2016-3142
Malware in sbrugna...
K000148809: Qt vulnerabilities CVE-2023-38197 and CVE-2023-37369
Security Advisory Description CVE-2023-38197 An issue was discovered in Qt before 5.15.15, 6.x before 6.2.10, and 6.3.x through 6.5.x before 6.5.3. There are infinite loops in recursive entity expansion. CVE-2023-37369 In Qt before 5.15.15, 6.x before 6.2.9, and 6.3.x through 6.5.x before 6.5.2,...
CVE-2024-36048
QAbstractOAuth in Qt Network Authorization in Qt before 5.15.17, 6.x before 6.2.13, 6.3.x through 6.5.x before 6.5.6, and 6.6.x through 6.7.x before 6.7.1 uses only the time to seed the PRNG, which may result in guessable values...
Siemens SCALANCE W1750D Classic Buffer Overflow (CVE-2022-37889)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba Networks AP management protocol UDP port 8211. Successful exploitation of these vulnerabilities result...
Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25148)
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba h...
CVE-2021-37735
A remote denial of service vulnerability was discovered in Aruba Instant versions: Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant IAP that address this security...
CVE-2021-27925
An issue was discovered in Couchbase Server 6.5.x and 6.6.x through 6.6.1. When using the View Engine and Auditing is enabled, a crash condition can depending on a race condition cause an internal user with administrator privileges, @nsserver, to have its credentials leaked in cleartext in the...
CVE-2021-25146
The CVE-2021-25146 vulnerability affects Aruba Instant Access Point (IAP) devices, enabling remote arbitrary command execution via the Aruba Instant CLI/management interfaces. Affected products/versions include Aruba Instant 6.5.x up to 6.5.4.17 and below; 8.3.x up to 8.3.0.13 and below; 8.5.x up...
CVE-2019-5317
A local authentication bypass vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x: 6.5.4.15 and below; Aruba Instant 8.3.x: 8.3.0.11 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba...
Command injection
vSphere Replication 8.3.x prior to 8.3.1.2, 8.2.x prior to 8.2.1.1, 8.1.x prior to 8.1.2.3 and 6.5.x prior to 6.5.1.5 contain a post-authentication command injection vulnerability which may allow an authenticated admin user to perform a remote code execution...
Adobe Experience Manager 6.2.x <= 6.2 SP1-CFP20 / 6.3.x <= 6.3.3.8 / 6.4.x < 6.4.8.2 / 6.5.x < 6.5.6.0 (APSB20-56)
The version of Adobe Experience Manager installed on the remote host is 6.2.x through 6.2 SP1-SFP20, 6.3.x through 6.3.3.8, 6.4.x prior to 6.4.8.2, or 6.5.x prior to 6.5.6.0. It is, therefore, affected by multiple vulnerabilities: - Adobe Experience Manager executes with unnecessary privileges,...
Atlassian Bitbucket 6.4.x < 6.4.3 Command Injection Vulnerability
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.10, 6.0.x prior to 6.0.10, 6.1.x prior to 6.1.8, 6.2.x prior to 6.2.6, 6.3.x prior to 6.3.5, 6.4.x prior to 6.4.3 or 6.5.x prior to 6.5.2. It is, therefore, affected by a...
CVE-2019-5727
CVE-2019-5727 affects Splunk Enterprise and Splunk Light: Splunk Web in versions 6.0.x before 6.0.15, 6.1.x before 6.1.14, 6.2.x before 6.2.14, 6.3.x before 6.3.12, 6.4.x before 6.4.9, 6.5.x before 6.5.5 and Splunk Light before 6.6.0 is vulnerable to a persistent XSS due to improperly validated u...
Cross site scripting
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML vi...
CVE-2018-7427
Cross-site scripting XSS vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML vi...
ifwatchd Privilege Escalation Exploit
This Metasploit module attempts to gain root privileges on QNX 6.4.x and 6.5.x systems by exploiting the ifwatchd suid executable. ifwatchd allows users to specify scripts to execute using the '-A' command line argument; however, it does not drop privileges when executing user-supplied scripts,...
CVE-2017-12572
Persistent Cross Site Scripting XSS exists in Splunk Enterprise 6.5.x before 6.5.2, 6.4.x before 6.4.6, and 6.3.x before 6.3.9 and Splunk Light before 6.5.2, with exploitation requiring administrative access, aka SPL-134104...
Design/Logic Flaw
Splunk Web in Splunk Enterprise versions 6.5.x before 6.5.2, 6.4.x before 6.4.5, 6.3.x before 6.3.9, 6.2.x before 6.2.13, 6.1.x before 6.1.12, 6.0.x before 6.0.13, 5.0.x before 5.0.17 and Splunk Light versions before 6.5.2 allows remote authenticated users to cause a denial of service daemon cras...
Blue Coat ProxySG 6.5.x / 6.2.x / 5.5 OpenSSL Vulnerability (FREAK)
The remote Blue Coat ProxySG device's self-reported SGOS version is 6.5 prior to 6.5.6.2, or version 6.2 prior to 6.2.16.3, or else any version of 5.5. Therefore, it contains a bundled version of OpenSSL affected by a security feature bypass vulnerability, known as FREAK Factoring attack on...