Lucene search
K

255 matches found

Prion
Prion
added 2021/05/07 6:15 a.m.15 views

Server side request forgery (ssrf)

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...

4CVSS4.5AI score0.01201EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2021/05/07 6:10 a.m.115 views

CVE-2020-29445

CVE-2020-29445 describes a blind SSRF in Atlassian Confluence Server’s Team Calendars parameters. Affected are Confluence Server versions before 7.4.8 and 7.5.0 through 7.10.9 (pre-7.11.0). Root cause is a server-side request forgery in the Team Calendars functionality, enabling an attacker to id...

4.3CVSS4.7AI score0.01201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/07 6:10 a.m.25 views

CVE-2020-29445

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...

4.7AI score0.01201EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/05/07 12:0 a.m.8 views

Atlassian Confluence Server 代码问题漏洞

Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A server-side request forgery vulnerability exists in Confluence Server versions prior to 7.11.0,...

4.3CVSS5.6AI score0.01201EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/05/07 12:0 a.m.6 views

PT-2021-11666 · Atlassian · Confluence

Name of the Vulnerable Software and Affected Versions: Confluence Server versions prior to 7.4.8 Confluence Server versions 7.5.0 through 7.10.9 Description: The issue allows attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars...

4.3CVSS7.2AI score0.01201EPSS
Exploits0References7
CNNVD
CNNVD
added 2021/04/12 12:0 a.m.5 views

WordPress 插件跨站脚本漏洞

WordPress Plugin is an open source application plugin for WordPress. A cross-site scripting vulnerability exists in the WordPress plugin Advanced Booking Calendar prior to version 1.6.7. The vulnerability stems from the plugin not clearing the GET parameter in the "Seasons and Calendars" page, an...

5.4CVSS5.2AI score0.00691EPSS
Exploits2References3
WPVulnDB
WPVulnDB
added 2021/03/28 12:0 a.m.21 views

Advanced Booking Calendar < 1.6.7 - Authenticated Reflected Cross-Site Scripting (XSS)

The plugin did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputing it in an A tag, leading to a reflected XSS issue PoC Payloads: - Original reporter:...

3.5CVSS1.1AI score0.00691EPSS
Exploits2References1Affected Software1
Atlassian
Atlassian
added 2021/03/03 10:39 p.m.29 views

Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445

Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...

4.3CVSS5AI score0.01201EPSS
Exploits0
Atlassian
Atlassian
added 2021/03/03 10:39 p.m.57 views

Blind SSRF in Team Calendars REST API using location parameter - CVE-2020-29445

Affected versions of Confluence Server allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters. Affected versions: 7.11.0 Fixed versions: 7.11.0 7.4.8 LTS This vulnerability is attributed to Stefano Castilletti, a...

4.3CVSS4.3AI score0.01201EPSS
Exploits0Affected Software1
Fedora
Fedora
added 2020/10/23 10:24 p.m.38 views

[SECURITY] Fedora 33 Update: nextcloud-19.0.3-1.fc33

NextCloud gives you universal access to your files through a web interface or WebDAV. It also provides a platform to easily view & sync your contacts, calendars and bookmarks across all your devices and enables basic editing r ight on the web. NextCloud is extendable via a simple but powerful API...

6.8CVSS3.5AI score0.01468EPSS
Exploits3
Huntr
Huntr
added 2020/08/23 12:0 a.m.14 views

Code Injection in ionicabizau/git-stats

Overview git-stats is a js package for local git statistics including GitHub-like contributions calendars. Affected versions of this package are vulnerable to Command Injection. It is possible to inject arbitrary commands by using a semicolon char in any of the options.start or options.end values...

3.1AI score
Exploits0
Fedora
Fedora
added 2020/07/22 1:20 a.m.16 views

[SECURITY] Fedora 31 Update: php-horde-kronolith-4.2.29-1.fc31

Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...

3.4AI score
Exploits0
Fedora
Fedora
added 2020/07/22 1:6 a.m.13 views

[SECURITY] Fedora 32 Update: php-horde-kronolith-4.2.29-1.fc32

Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...

3.4AI score
Exploits0
OpenVAS
OpenVAS
added 2020/07/22 12:0 a.m.13 views

Fedora: Security Advisory for php-horde-kronolith (FEDORA-2020-0fbd043bcf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
WPVulnDB
WPVulnDB
added 2019/12/10 12:0 a.m.18 views

Scoutnet Kalender <= 1.1.0 - Stored Cross-Site Scripting (XSS)

The plugin does not sanitise the 'Info' field from embedded calendars which are retrieved from Scoutnet and are not necessarily owned/managed by the administrator of the blog...

3.5CVSS1.9AI score0.01194EPSS
Exploits2References1Affected Software1
The Hacker News
The Hacker News
added 2019/09/17 12:5 p.m.83 views

Thousands of Google Calendars Possibly Leaking Private Information Online

"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you...

0.1AI score
Exploits0
The Hacker News
The Hacker News
added 2019/09/17 12:5 p.m.2 views

Thousands of Google Calendars Possibly Leaking Private Information Online

"Warning — Making your calendar public will make all events visible to the world, including via Google search. Are you sure?" Remember this security warning? No? If you have ever shared your Google Calendars, or maybe inadvertently, with someone that should not be publicly accessible anymore, you...

6.4AI score
Exploits0
Fedora
Fedora
added 2018/10/07 10:16 p.m.24 views

[SECURITY] Fedora 28 Update: php-horde-kronolith-4.2.25-1.fc28

Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...

3.4AI score
Exploits0
Fedora
Fedora
added 2018/10/07 9:1 p.m.24 views

[SECURITY] Fedora 29 Update: php-horde-kronolith-4.2.25-1.fc29

Kronolith is the Horde calendar application. It provides web-based calendars backed by a SQL database or a Kolab server. Supported features include Ajax and mobile interfaces, shared calendars, remote calendars, invitation management iCalendar/iTip, free/busy management, resource management,...

3.4AI score
Exploits0
exploitpack
exploitpack
added 2018/02/16 12:0 a.m.51 views

Joomla! Component JTicketing 2.0.16 - SQL Injection

Joomla! Component JTicketing 2.0.16 - SQL Injection Exploit Title: Joomla! Component JTicketing 2.0.16 - SQL Injection Dork: N/A Date: 16.02.2018 Vendor Homepage: https://techjoomla.com/ Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/jticketing/ Versio...

7.5CVSS0.5AI score0.02703EPSS
Exploits5
Rows per page
Query Builder