253 matches found
PT-2022-7406 · Glpi +2 · Glpi +2
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.3 Description: The issue is related to the usage of RSS feeds or external calendar in planning, which is subject to Server-Side Request Forgery SSRF exploit. This allows an attacker to scan server ports or services...
GLPI 代码问题漏洞
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the username, lastname, or surname fields in user profiles. A user can insert a malicious payload in their own calendar, which may be reflected and executed when accessed by other users' calendars. This is a...
MoinMoin Improper ACL handling for calendars and includes
MoinMoin before 20070507 does not properly enforce ACLs for calendars and includes, which allows remote attackers to read certain pages via unspecified vectors...
CVE-2021-41112
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
Authorization
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
CVE-2021-41112 Missing Authorization in Rundeck
Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...
WordPress Date Picker by Input WP – Sync bookings with external Calendars (.ics) plugin <= 2.1 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Date Picker by Input WP – Sync bookings with external Calendars .ics plugin versions = 2.1. Solution Update the WordPress Date Picker by Input WP – Sync bookings with external Calendars .ics plugin to the latest available...
Rundeck 安全漏洞
Rundeck is an open source automation service with a web console, command line tools, and webAPI from Rundeck, Inc. in the United States, which is primarily used to run automation tasks. A security vulnerability in versions of Rundeck prior to 3.4.5 allows authenticated users to make requests to...
Microsoft Outlook for Mac Security Feature Bypass Vulnerability
Microsoft Outlook for Mac is a Mac-based email client software bundled with the Office suite from Microsoft Corporation. The software manages email, contacts, calendars, etc. Microsoft Outlook for Mac has a security vulnerability for which no detailed vulnerability details are available...
CVE-2021-25061
The WP Booking System WordPress plugin before 2.0.15 was affected by a reflected xss in wp-booking-system on the wpbs-calendars admin page...
Code injection
The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating new calendars...
Sql injection
The WP Simple Booking Calendar WordPress plugin before 2.0.6 did not escape, validate or sanitise the orderby parameter in its Search Calendars action, before using it in a SQL statement, leading to an authenticated SQL injection issue...
Fedora: Security Advisory for nextcloud (FEDORA-2021-9b421b78af)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Atlassian Confluence < 7.11.0 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior 7.11.0. It is, therefore, affected by the following vulnerabilities : - A blind Server-Side Request Forgery SSRF vulnerability in Team Calendars parameters. CVE-2020-29445 - A...
Atlassian Confluence Server Server-Side Request Forgery Vulnerability
Atlassian Confluence Server is the server version of Atlassian Australia's suite of collaboration software with enterprise knowledge management capabilities and support for building enterprise WiKi. A server-side request forgery vulnerability exists in Confluence Server versions prior to 7.11.0,...
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
Server side request forgery (ssrf)
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...
CVE-2020-29445
Affected versions of Confluence Server before 7.4.8, and versions from 7.5.0 before 7.11.0 allow attackers to identify internal hosts and ports via a blind server-side request forgery vulnerability in Team Calendars parameters...