56 matches found
ServiceNow Incomplete List of Disallowed Inputs Vulnerability
ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely...
SolarWinds Orion Platform BlacklistedFilesChecker Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SolarWinds Orion Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the BlacklistedFilesChecker class. The issue results from an incomplete list of...
CVE-2023-40062
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges...
CVE-2023-40062 Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability
SolarWinds Platform Incomplete List of Disallowed Inputs Remote Code Execution Vulnerability. If executed, this vulnerability would allow a low-privileged user to execute commands with SYSTEM privileges...
CVE-2023-3374
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation.This issue affects Bookreen: before 3.0.0...
CVE-2023-3374
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0...
CVE-2023-3374 Privilege Escalation in Bookreen
Incomplete List of Disallowed Inputs vulnerability in Unisign Bookreen allows Privilege Escalation. This issue affects Bookreen: before 3.0.0...
PT-2023-24464
Name of the Vulnerable Software and Affected Versions Bookreen versions prior to 3.0.0 Description The issue is related to an Incomplete List of Disallowed Inputs vulnerability in Bookreen, which allows Privilege Escalation. Recommendations For versions prior to 3.0.0, update to version 3.0.0 or...
CVE-2022-23128
Incomplete List of Disallowed Inputs vulnerability in Mitsubishi Electric MC Works64 versions 4.00A 10.95.201.23 to 4.04E 10.95.210.01, ICONICS GENESIS64 versions 10.95.3 to 10.97, ICONICS Hyper Historian versions 10.95.3 to 10.97, ICONICS AnalytiX versions 10.95.3 to 10.97 and ICONICS MobileHMI...
CVE-2021-31370
An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the netwo...
Design/Logic Flaw
An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine PFE of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker which sends a high rate of specific multicast traffic to cause control traffic received from the netwo...
CVE-2021-31370
CVE-2021-31370 concerns Juniper Networks Junos OS on QFX5000 Series and EX4600 Series, where an Incomplete List of Disallowed Inputs vulnerability in the Packet Forwarding Engine (PFE) can be exploited by an adjacent unauthenticated attacker sending a high rate of specific multicast traffic. This...
CVE-2021-20081
CVE-2021-20081 affects ManageEngine ServiceDesk Plus (versions before 11205). The root cause is insufficient sanitisation of user input, enabling a remote, authenticated attacker to execute arbitrary commands with SYSTEM privileges. Affected product/version: SDP
private_address_check contains Incomplete List of Disallowed Inputs
The privateaddresscheck ruby gem before 0.4.1 is vulnerable to a bypass due to an incomplete blacklist of common private/local network addresses used to prevent server-side request forgery...
GHSA-5VX5-9Q73-WGP4 Safemode Gem Has Incomplete List of Disallowed Inputs
rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...
Safemode Gem Has Incomplete List of Disallowed Inputs
rubygem-safemode, as used in Foreman, versions 1.3.1 and earlier are vulnerable to bypassing safe mode limitations via special Ruby syntax. This can lead to deletion of objects for which the user does not have delete permissions or possibly to privilege escalation...