38 matches found
Atlassian Confluence 8.6.x < 8.9.1 Cross-Site Scripting
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to 7.19.22, 7.20.x prior to 8.5.9 or 8.6.x prior to 8.9.1. It is, therefore, affected by a stored Cross-Site Scripting (XSS) vulnerability. Note that the scanner has not tested fo...
Siemens SCALANCE W1750D Classic Buffer Overflow (CVE-2022-37889)
There are buffer overflow vulnerabilities in multiple underlying services that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI (Aruba Networks AP management protocol) UDP port (8211). Successful exploitation of these vulnerabilities result...
Siemens SCALANCE W1750D Improper Input Validation (CVE-2021-25148)
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 6.5.x: 6.5.4.17 and below; Aruba Instant 8.3.x: 8.3.0.13 and below; Aruba Instant 8.5.x: 8.5.0.10 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba h...
Atlassian Jira 7.0.6 < 8.5.4 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.0.6 prior to 8.5.4 or 8.6.x prior to 8.7.1. It is, therefore, affected by multiple vulnerabilities: - A flaw which permits remote attackers to achieve Denial of Service via a...
Atlassian 8.6.x < 8.6.1 Open Redirect In Login.jsp
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 7.13.0 prior to 8.5.2 or 8.6.x < 8.6.1. It is, therefore, affected by a vulnerability that permits remote attackers to redirect users to a different website which they may use as part of...
Atlassian Jira 8.6.x < 8.13.7 Reverse Tabnapping Via Project Shortcuts
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.15, 8.6.x < 8.13.7, 8.14.0 < 8.17.1 or 8.18.0 < 8.18.1. It is, therefore, affected by a vulnerability in the Project Shortcuts feature which allows remote attackers to redirect...
VMware vRealize Operations Cross-Site Request Forgery Vulnerability
VMware vRealize Operations is an application from VMware, Inc. A unified, AI-based platform for private, hybrid, and multi-cloud environments that delivers IT operations management on autopilot. A security vulnerability exists in VMware vRealize Operations (vROps) version 8.6.x series, which can be...
GHSA-3GX6-H57H-RM27 Drupal Core Remote Code Execution Vulnerability
Some field types do not properly sanitize data from non-form sources in Drupal 8.5.x before 8.5.11 and Drupal 8.6.x before 8.6.10. This can lead to arbitrary PHP code execution in some cases. A site is only affected by this if one of the following conditions is met: The site has the Drupal 8 core...
VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control
VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...
CVE-2022-22951
CVE-2022-22951 affects VMware Carbon Black App Control (versions 8.5.x prior to 8.5.14; 8.6.x prior to 8.6.6; 8.7.x prior to 8.7.4; 8.8.x prior to 8.8.2). The vulnerability is an OS command injection caused by improper input validation that could allow an authenticated, highly privileged attacker...
CVE-2021-37735
A remote denial of service vulnerability was discovered in Aruba Instant versions: Aruba Instant 6.5.x.x: 6.5.4.18 and below; Aruba Instant 8.5.x.x: 8.5.0.10 and below; Aruba Instant 8.6.x.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant (IAP) that address this security...
Atlassian Jira 8.6.x < 8.13.6 Arbitrary File Read
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.14, 8.6.x < 8.13.6 or 8.14.x < 8.16.1. It is, therefore, affected by a path traversal vulnerability in the /WEB-INF/web.xml endpoint allowing remote attackers to read particul...
Atlassian Jira 8.6.x < 8.13.2 Insecure Direct Object References
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10 or 8.6.x < 8.13.2. It is, therefore, affected by an Insecure Direct Object References (IDOR) vulnerability allowing remote attackers to view the metadata of boards they...
Atlassian Jira 8.6.x < 8.13.2 Server-Side Request Forgery
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.10, 8.6.x < 8.13.2 or 8.14.x < 8.14.1. It is, therefore, affected by a Server-Side Request Forgery (SSRF) vulnerability allowing unexpected DNS lookups and requests to malicious...
Atlassian Jira 8.6.x < 8.12.0 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.3.16, 8.x < 8.5.7 or 8.6.x < 8.12.0. It is, therefore, affected by an information disclosure vulnerability in the ViewUserHover.jspa endpoint allowing an unauthenticated user to...
Atlassian Jira < 7.13.18 Information Disclosure
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.13.18, 8.x < 8.5.9 or 8.6.x < 8.12.2. It is, therefore, affected by an information disclosure vulnerability due to a missing permissions check in the ActionsAndOperations resour...
Atlassian Jira 8.6.x < 8.12.3 Cross-Site Scripting
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.9, 8.6.x < 8.12.3 or 8.13.x < 8.13.1. It is, therefore, affected by a Cross-Site Scripting (XSS) vulnerability in Jira issue filter export files. Note that the scanner has not...
Exploit for Deserialization of Untrusted Data in Drupal
This is a PoC exploit for CVE-2019-6340, a remote code execution...
CVE-2021-25146
The CVE-2021-25146 vulnerability affects Aruba Instant Access Point (IAP) devices, enabling remote arbitrary command execution via the Aruba Instant CLI/management interfaces. Affected products/versions include Aruba Instant 6.5.x up to 6.5.4.17 and below; 8.3.x up to 8.3.0.13 and below; 8.5.x up...
CVE-2021-25143
A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in versions: Aruba Instant 8.3.x: 8.3.0.12 and below; Aruba Instant 8.5.x: 8.5.0.9 and below; Aruba Instant 8.6.x: 8.6.0.4 and below. Aruba has released patches for Aruba Instant that addre...