MiracleLinux 7 : java-1.7.0-openjdk-1.7.0.191-2.6.15.4.0.1.el7.AXS7 (AXSA:2018-3274:03)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3274:03 advisory. OpenJDK: insufficient index validation in PatternSyntaxException getMessage Concurrency, 8199547 CVE-2018-2952 Tenable has extracted the preceding descriptio...

MiracleLinux 7 : java-1.8.0-openjdk-1.8.0.181-3.b13.el7 (AXSA:2018-3262:05)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2018-3262:05 advisory. OpenJDK: insufficient index validation in PatternSyntaxException getMessage Concurrency, 8199547 CVE-2018-2952 Tenable has extracted the preceding descriptio...

CVE-2023-45957

A stored cross-site scripting XSS vulnerability in the component admin/AdminRequestSqlController.php of thirty bees before 1.5.0 allows attackers to execute arbitrary web script or HTML via $e-getMessage error mishandling...

Information Disclosure

Valinor is vulnerable to Information Disclosure. Valinor has access to ThrowablegetMessage, which can disclose sensitive information such as database passwords or system memory details...

CVE-2022-31140 Valinor error messages leading to potential data exfiltration

Valinor is a PHP library that helps to map any input into a strongly-typed value object structure. Prior to version 0.12.0, Valinor can use ThrowablegetMessage when it should not have permission to do so. This is a problem with cases such as an SQL exception showing an SQL snippet, a database...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

OpenJDK: insufficient index validation in PatternSyntaxException getMessage() (Concurrency, 8199547)

Vulnerability in the Java SE, Java SE Embedded, JRockit component of Oracle Java SE subcomponent: Concurrency. Supported versions that are affected are Java SE: 6u191, 7u181, 8u172 and 10.0.1; Java SE Embedded: 8u171; JRockit: R28.3.18. Difficult to exploit vulnerability allows unauthenticated...

CVE-2018-7706

Directory traversal vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote authenticated users to read arbitrary e-mail messages via a .. dot dot in the option2 parameter in an attachment action to secmail/getmessage.exe...

CVE-2018-7703

Cross-site scripting XSS vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe...

SecurEnvoy SecurMail Cross-Site Scripting Vulnerability

SecurEnvoy SecurMail is an email application from SecurEnvoy USA. A cross-site scripting vulnerability exists in SecurEnvoy SecurMail versions prior to 9.2.501. A remote attacker can exploit this vulnerability by sending the 'mailboxid' parameter to the secmail/getmessage.exe file to inject...

GLSA-200511-20 : Horde Application Framework: XSS vulnerability

The remote host is affected by the vulnerability described in GLSA-200511-20 Horde Application Framework: XSS vulnerability The Horde Team reported a potential XSS vulnerability. Horde fails to properly escape error messages which may lead to displaying unsanitized error messages via...