798 matches found
PT-2018-18068 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: zzcms version 8.2 Description: The issue allows remote attackers to discover the full path via a direct request to "3/qq connect2.0/API/class/ErrorCase.class.php" or "3/ucenter api/code/friend.php". Recommendations: For zzcms version 8.2, as ...
JetBrains IntelliJ-based IDEs <= 2016.1 Multiple Vulnerabilities - Active Check
JetBrains IntelliJ-based IDEs are prone to a remote code execution (RCE) and a local file disclosure vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders...
CVE-2016-3723
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...
Updated jenkins-remoting packages fix CVE-2016-0792
Updated jenkins-remoting packages fix security vulnerability: Jenkins has several API endpoints that allow low-privilege users to POST XML files that then get deserialized by Jenkins. Maliciously crafted XML files sent to these API endpoints could result in arbitrary code execution. SECURITY-247 ...
CVE-2016-0792
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...
Design/Logic Flaw
Multiple unspecified API endpoints in Jenkins before 1.650 and LTS before 1.642.2 allow remote authenticated users to execute arbitrary code via serialized data in an XML file, related to XStream and groovy.util.Expando...
CVE-2016-0792
CVE-2016-0792 affects Jenkins, including the core up to 1.650 and LTS up to 1.642.2, via a deserialization flaw in XML data using XStream and groovy.util.Expando. The vulnerability allows remote authenticated users to execute arbitrary code by crafting a serialized payload in an XML file. Public ...
PT-2016-4418 · Cloudbees +1 · Jenkins
Name of the Vulnerable Software and Affected Versions: Jenkins versions prior to 1.650 Jenkins LTS versions prior to 1.642.2 Description: The issue allows remote authenticated users to execute arbitrary code via serialized data in an XML file. This is related to XStream and the groovy.util.Expand...
PT-2014-5437 · Red Hat · Spacewalk-Java +1
Name of the Vulnerable Software and Affected Versions: spacewalk-java version 2.0.2 Red Hat Network (RHN) Satellite versions 5.5 through 5.6 Description: The issue allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to API endpoints such as...
Cross-site request forgery (CSRF)
(1) ApiBlock.php, (2) ApiCreateAccount.php, (3) ApiLogin.php, (4) ApiMain.php, (5) ApiQueryDeletedrevs.php, (6) ApiTokens.php, and (7) ApiUnblock.php in includes/api/ in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow remote attackers to obtain CSRF tokens and bypass the...
PT-2013-4747 · Atlassian · Crowd
Name of the Vulnerable Software and Affected Versions: Atlassian Crowd versions 2.3.8 Atlassian Crowd versions 2.4.9 Atlassian Crowd versions 2.5.x through 2.5.3 Atlassian Crowd versions 2.6.x through 2.6.2 Description: The issue allows remote attackers to read arbitrary files and send HTTP...
PT-2012-2068 · Gr Board · Gboard
Name of the Vulnerable Software and Affected Versions: GR Board aka grboard version 1.8.6.5 Community Edition Description: The issue allows remote attackers to modify or delete data without requiring authentication for certain database actions. This can be achieved by sending a request to specifi...
PT-2011-2778 · Cisco · Cisco Unified Operations Manager
Name of the Vulnerable Software and Affected Versions: Cisco Unified Operations Manager (CUOM) versions prior to 8.6 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the CCMs parameter to the "/iptm/PRTestCreation.do" API endpoint or the ccm...
PT-2007-2305 · Unknown · Trevorchan
Name of the Vulnerable Software and Affected Versions: Trevorchan versions 0.7 and earlier Description: A remote file inclusion issue allows remote attackers to execute arbitrary code via the tc configrootdir parameter to several API endpoints, including "upgrade.php", "paint save.php", "menu.php...
PT-2007-1990 · Unknown · Advanced Guestbook
Name of the Vulnerable Software and Affected Versions: Advanced Guestbook version 2.4.2 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the include path parameter to API endpoints such as "index.php", "addentry.php", or "picture.php". Recommendations: For...
PT-2005-3149 · Dragonfly · Dragonfly Commerce
Name of the Vulnerable Software and Affected Versions: Dragonfly Commerce affected versions not specified Description: The issue allows remote attackers to change a product price by modifying the x DragonflyCartProductPrice hidden field in several API endpoints, including "dc Categorieslist.asp",...
CVE-2024-33865
An issue was discovered in linqi before 1.4.0.1 on Windows. There is an NTLM hash leak via the /api/Cdn/GetFile and /api/DocumentTemplate/GUID endpoints...