88 matches found
com.okta.spring.examples:okta-spring-boot-cloud-config-example (>=1.0.0 <=1.1.0), com.yoozoo.protoconf:protoconf-java (>=0.2.2 <=0.2.3) +9 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=2.0.0.RELEASE <=2.0.3.RELEASE)
org.springframework.cloud:spring-cloud-config-server MAVEN version =2.0.0.RELEASE, =1.0.0, =0.2.2, =1.0.2, =0.0.2, =Darwin.RELEASE, =0.2.1.RELEASE, =2.0.0.RELEASE, =2.0.3.RELEASE - xyz.weechang:moreco-cloud-config =0.0.1 Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...
cn.home1:oss-configserver (>=1.0.6.OSS <=1.0.7.OSS), cn.home1:spring-cloud-config-monitor (>=0.0.1 <=1.0.1.U1) +166 more potentially affected by CVE-2019-3799 via org.springframework.cloud:spring-cloud-config-server (>=1.1.0.RELEASE <=1.4.5.RELEASE)
org.springframework.cloud:spring-cloud-config-server MAVEN version =1.1.0.RELEASE, =1.0.6.OSS, =0.0.1, =0.0.1, =1.1.0-RELEASE, =1.0.0, =1.0.0, =1.5.0-Beta, =0.8.3, =0.8.3, =0.8.3, =0.8.3, =0.10.0 and more Source cves: CVE-2019-3799 Source advisory: OSV:GHSA-4X49-W62V-76Q7...
CVE-2019-3799 Directory Traversal with spring-cloud-config-server
Spring Cloud Config, versions 2.1.x prior to 2.1.2, versions 2.0.x prior to 2.0.4, and versions 1.4.x prior to 1.4.6, and older unsupported versions allow applications to serve arbitrary configuration files through the spring-cloud-config-server module. A malicious user, or attacker, can send a...
Directory Traversal
spring-cloud-config-server is vulnerable to directory traversal. It is possible because an attacker can serve arbitrary configuration files to the sever through a malicious URL feed into spring-cloud-config-server module...
Citrix NetScaler SOAP Handler Remote Code Execution Exploit
This Metasploit module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP requests can force the handler to connect to a malicious NetScaler config server. This maliciou...
Citrix NetScaler SOAP Handler Remote Code Execution
This module exploits a memory corruption vulnerability on the Citrix NetScaler Appliance. The vulnerability exists in the SOAP handler, accessible through the web interface. A malicious SOAP requests can force the handler to connect to a malicious NetScaler config server. This malicious config...
aeolus-configserver: aeolus-configserver-setup /tmp file conductor credentials leak
aeolus-configserver-setup in the Aeolas Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for a temporary file in /tmp, which allows local users to read credentials by reading this file...
PT-2004-1439 · Allmyvisitors +3 · Allmyvisitors +3
Name of the Vulnerable Software and Affected Versions: AllMyVisitors affected versions not specified AllMyLinks affected versions not specified AllMyGuests affected versions not specified Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the AMVconfigcfg...