
88 matches found

vulnersOsv
added 2019/05/23 8:39 a.m. · 6 views

com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=1.0.0 <=1.1.0), com.yoozoo.protoconf:protoconf-java (>=0.2.2 <=0.2.3) +9 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=2.0.0.RELEASE <=2.0.3.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =2.0.0.RELEASE, =1.0.0, =0.2.2, =1.0.2, =0.0.2, =Darwin.RELEASE, =0.2.1.RELEASE, =2.0.0.RELEASE, =2.0.3.RELEASE - xyz.weechang:moreco-cloud-config =0.0.1 Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...

CVSS 6.5 · AI score 6.5 · EPSS 0.85295
Exploits: 6
vulnersOsv
added 2019/05/23 8:39 a.m. · 7 views

cn.home1:oss-configserver (>=1.0.6.OSS <=1.0.7.OSS), cn.home1:spring-cloud-config-monitor (>=0.0.1 <=1.0.1.U1) +166 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=1.1.0.RELEASE <=1.4.5.RELEASE)

org.springframework.cloud:spring-cloud-config-server MAVEN version =1.1.0.RELEASE, =1.0.6.OSS, =0.0.1, =0.0.1, =1.1.0-RELEASE, =1.0.0, =1.0.0, =1.5.0-Beta, =0.8.3, =0.8.3, =0.8.3, =0.8.3, =0.10.0 and more Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...

CVSS 6.5 · AI score 6.5 · EPSS 0.85295
Exploits: 6
Cvelist
added 2019/05/06 3:21 p.m. · 44 views

CVE-2019-3799 Directory Traversal with spring-cloud-config-server

Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...

AI score 6.7 · EPSS 0.85295
Exploits: 6 · References: 2
Veracode
added 2019/04/17 9:12 a.m. · 25 views

Directory Traversal

spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the server through a malicious URL fed into the spring-cloud-config-server module...

CVSS 6.5 · AI score 6.7 · EPSS 0.85295
Exploits: 6 · References: 6 · Affected Software: 1
0day.today
added 2014/11/06 12:0 a.m. · 26 views

Citrix NetScaler SOAP Handler Remote Code Execution Exploit

This Metasploit module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP request can force the handler to connect to a malicious NetScaler config server. This maliciou...

AI score 7.9
Exploits: 0
Metasploit
added 2014/10/31 1:34 a.m. · 19 views

Citrix NetScaler SOAP Handler Remote Code Execution

This module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP request can force the handler to connect to a malicious NetScaler config server. This malicious config...

AI score 8.2
Exploits: 0
RedHat Linux
added 2013/02/21 6:53 p.m. · 5 views

aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak

aeolus-configserver-setup in the Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...

CVSS 2.1 · AI score 5.8 · EPSS 0.00431
Exploits: 1 · References: 4
Positive Technologies
added 2004/03/18 12:0 a.m. · 7 views

PT-2004-1439 · Allmyvisitors +3

Name of the Vulnerable Software and Affected Versions: AllMyVisitors (affected versions not specified), AllMyLinks (affected versions not specified), AllMyGuests (affected versions not specified). Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the AMVconfigcfg...

CVSS 9.8 · AI score 7.5 · EPSS 0.0779
Exploits: 1 · References: 14