638 matches found
Unspecified Vulnerability in Fortinet FortiWLM
Fortinet FortiWLC is a wireless LAN controller from Fortinet. A security vulnerability in Fortinet FortiWLC version 8.6.1 and below can be exploited by an attacker to execute unauthorized code or commands via a crafted HTTP request...
Design/Logic Flaw
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker with administrative read-only privileges to download files that should be restricted. This vulnerability is due to incorrect permissions settings on an affecte...
CVE-2021-41584
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response information disclosure of possibly sensitive build/configuration details via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...
CVE-2021-37351
Nagios XI before version 5.8.5 is vulnerable to insecure permissions and allows unauthenticated users to access guarded pages through a crafted HTTP request to the server...
CVE-2021-26606
A vulnerability in PKI Security Solution of Dream Security could allow arbitrary command execution. This vulnerability is due to insufficient validation of the authorization certificate. An attacker could exploit this vulnerability by sending a crafted HTTP request an affected program. A successf...
XML External Entity (XXE) Injection in JDOM
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request. As a workaround, to avoid external entities being expanded, one can call builder.setExpandEntitiesfalse and they won't be expanded...
OPENSUSE-SU-2021:1031-1 Security update for jdom2
This update for jdom2 fixes the following issues: - CVE-2021-33813: XXE issue in SAXBuilder can cause a denial of service via a crafted HTTP request bsc1187446 This update was imported from the SUSE:SLE-15-SP2:Update update project...
Security update for jdom2 (important)
openSUSE Security Update: Security update for jdom2 Announcement ID: openSUSE-SU-2021:1031-1 Rating: important References: 1187446 Cross-References: CVE-2021-33813 CVSS scores: CVE-2021-33813 NVD : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-33813 SUSE: 7.5...
SUSE: Security Advisory (SUSE-SU-2021:2293-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian DLA-2696-1 : libjdom2-java - LTS security update
The remote Debian 9 host has packages installed that are affected by a vulnerability as referenced in the dla-2696 advisory. It was discovered that there was an XML External Entity XXE issue in libjdom2-java, a library for reading and manipulating XML documents. Attackers could have caused a deni...
CVE-2021-31412
The CVE-2021-31412 entry describes an information-disclosure issue in Vaadin Flow Server’s default RouteNotFoundError view. The vulnerability arises from improper sanitization of the path, enabling a network attacker to enumerate all available routes when the application runs in production mode a...
CVE-2021-33813
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...
CVE-2021-33813
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...
CVE-2021-33813
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...
Cross site request forgery (csrf)
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...
CVE-2021-33813
An XXE issue in SAXBuilder in JDOM through 2.0.6 allows attackers to cause a denial of service via a crafted HTTP request...
Command injection
A vulnerability in the SonicWall NSM On-Prem product allows an authenticated attacker to perform OS command injection using a crafted HTTP request. This vulnerability affects NSM On-Prem 2.2.0-R10 and earlier versions...
CVE-2021-1531 Cisco Modeling Labs Web UI Command Injection Vulnerability
A vulnerability in the web UI of Cisco Modeling Labs could allow an authenticated, remote attacker to execute arbitrary commands with the privileges of the web application on the underlying operating system of an affected Cisco Modeling Labs server. This vulnerability is due to insufficient...
Path traversal
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...
CVE-2020-18070
Path Traversal in iCMS v7.0.13 allows remote attackers to delete folders by injecting commands into a crafted HTTP request to the "dodel" method of the component "database.admincp.php"...