Lucene search
K

253 matches found

Positive Technologies
Positive Technologies
added 2022/09/14 12:0 a.m.8 views

PT-2022-7406 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.3 Description: The issue is related to the usage of RSS feeds or external calendar in planning, which is subject to Server-Side Request Forgery SSRF exploit. This allows an attacker to scan server ports or services...

10CVSS6.4AI score0.99628EPSS
Exploits40References203
CNNVD
CNNVD
added 2022/09/14 12:0 a.m.5 views

GLPI 代码问题漏洞

GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...

5.8CVSS7AI score0.00459EPSS
Exploits0References4
Snyk
Snyk
added 2022/05/24 5:38 p.m.4 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the username, lastname, or surname fields in user profiles. A user can insert a malicious payload in their own calendar, which may be reflected and executed when accessed by other users' calendars. This is a...

6.1CVSS5.3AI score0.00941EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2022/05/01 6:5 p.m.20 views

MoinMoin Improper ACL handling for calendars and includes

MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors...

5CVSS7.1AI score0.01474EPSS
Exploits0References9Affected Software1
OSV
OSV
added 2022/02/28 8:15 p.m.16 views

CVE-2021-41112

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...

8.1CVSS6.9AI score
Exploits0References1
Prion
Prion
added 2022/02/28 8:15 p.m.12 views

Authorization

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...

5.5CVSS8.1AI score0.00737EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/02/28 7:15 p.m.25 views

CVE-2021-41112 Missing Authorization in Rundeck

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...

8.1CVSS8.3AI score0.00737EPSS
Exploits0References1
Patchstack
Patchstack
added 2022/02/28 12:0 a.m.12 views

WordPress Date Picker by Input WP – Sync bookings with external Calendars (.ics) plugin <= 2.1 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Date Picker by Input WP – Sync bookings with external Calendars .ics plugin versions = 2.1. Solution Update the WordPress Date Picker by Input WP – Sync bookings with external Calendars .ics plugin to the latest available...

2.5AI score
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.6 views

Rundeck 安全漏洞

Rundeck is an open source automation service with a web console, command line tools, and webAPI from Rundeck, Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability in versions of Rundeck prior to 3.4.5 allows authenticated users to make requests to...

8.1CVSS7.8AI score0.00737EPSS
Exploits0References4
CNVD
CNVD
added 2022/02/10 12:0 a.m.13 views

Microsoft Outlook for Mac Security Feature Bypass Vulnerability

Microsoft Outlook for Mac is a Mac-based email client software bundled with the Office suite from Microsoft Corporation. The software manages email, contacts, calendars, etc. Microsoft Outlook for Mac has a security vulnerability for which no detailed vulnerability details are available...

5.3CVSS3.6AI score0.02393EPSS
Exploits0References1
NVD
NVD
added 2022/01/17 1:15 p.m.24 views

CVE-2021-25061

The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...

5.4CVSS0.00675EPSS
Exploits2References2
Prion
Prion
added 2021/10/11 11:15 a.m.28 views

Code injection

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars...

3.5CVSS5.5AI score0.00604EPSS
Exploits2References1Affected Software1
Prion
Prion
added 2021/09/13 6:15 p.m.11 views

Sql injection

The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue...

6.5CVSS8.8AI score0.01567EPSS
Exploits2References2Affected Software1
OpenVAS
OpenVAS
added 2021/07/27 12:0 a.m.21 views

Fedora: Security Advisory for nextcloud (FEDORA-2021-9b421b78af)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

8.8CVSS9.4AI score0.02309EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2021/07/05 12:0 a.m.35 views

Atlassian Confluence < 7.11.0 Multiple Vulnerabilities

According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior 7.11.0. It is, therefore, affected by the following vulnerabilities : - A blind Server-Side Request Forgery SSRF vulnerability in Team Calendars parameters. CVE-2020-29445 - A...

5.4CVSS5.1AI score0.01201EPSS
Exploits0References4
CNVD
CNVD
added 2021/05/11 12:0 a.m.10 views

Atlassian Confluence Server Server-Side Request Forgery Vulnerability

Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A server-side request forgery vulnerability exists in Confluence Server versions prior to 7.11.0,...

4.3CVSS6.6AI score0.01201EPSS
Exploits0References1
NVD
NVD
added 2021/05/07 6:15 a.m.16 views

CVE-2020-29445

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...

4.3CVSS0.01201EPSS
Exploits0References1
OSV
OSV
added 2021/05/07 6:15 a.m.6 views

CVE-2020-29445

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...

4.3CVSS5.8AI score0.01201EPSS
Exploits0References1
Prion
Prion
added 2021/05/07 6:15 a.m.15 views

Server side request forgery (ssrf)

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...

4CVSS4.5AI score0.01201EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2021/05/07 6:10 a.m.23 views

CVE-2020-29445

Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...

4.7AI score0.01201EPSS
Exploits0References1
Rows per page
Query Builder