Lucene search
K

55 matches found

Github Security Blog
Github Security Blog
added 2024/01/09 3:30 a.m.20 views

juzawebCMS Incorrect Access Control vulnerability

juzaweb = 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in the timezone field was not correctly validated...

4.9CVSS7AI score0.00694EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2024/01/09 12:0 a.m.46 views

CVE-2023-46906

CVE-2023-46906 affects juzaweb CMS (

4.9CVSS5AI score0.00694EPSS
Exploits1References2Affected Software1
Veracode
Veracode
added 2023/12/26 4:47 p.m.24 views

Improper Neutralization Of Special Elements

gitlab is vulnerable to Improper Neutralization of Special Elements. The vulnerability is due to there is no proper validation for user-supplied input, specifically when committing directories containing LF Line Feed characters. This flaw results in HTTP 500 errors when viewing the affected commi...

5.3CVSS6.7AI score0.00935EPSS
Exploits1References4Affected Software1
Oracle linux
Oracle linux
added 2022/12/05 12:0 a.m.75 views

spacewalk-backend spacewalk-java security update

spacewalk-backend 2.10.28-1.0.13 - Fix HTTP 500 and ORA-01830 on client scap report Orabug: 34823889 2.10.28-1.0.12 - Handle remote commands that return no output. Orabug: 32530545 2.10.28-1.0.11 - Make spacewalk-debug copy symlink target instead of the symlink itself. Orabug: 32514543...

4.3CVSS0.1AI score0.00733EPSS
Exploits1
Hacker One
Hacker One
added 2021/09/28 7:52 a.m.51 views

Mail.ru: [samokat.ru] PHP modules path disclosure due to lack of error handling

Hi security team @mailru we found a Information disclosure in phpproject in subsamokat.ru On one side of the server samokat.ru generates a full stack error trace instead of an HTTP 500 error. The complete error stack trace reveals the full path of the PHPConfiguration module directory on the...

6.6AI score
Exploits0
NVD
NVD
added 2021/07/09 2:15 p.m.41 views

CVE-2021-30117

The API call /InstallTab/exportFldr.asp is vulnerable to a semi-authenticated boolean-based blind SQL injection in the parameter fldrId. Detailed description --- Given the following request: GET /InstallTab/exportFldr.asp?fldrId=1’ HTTP/1.1 Host: 192.168.1.194 User-Agent: Mozilla/5.0 Macintosh;...

9.8CVSS0.72054EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2021/04/28 6:35 p.m.24 views

Security Bulletin: Potential information leakages vulnerabilities in IBM Jazz Team Server affect IBM Rational products based on IBM Jazz technology

Summary Multiple vulnerabilities in the IBM Jazz Team Server affecting the following IBM Rational Products: Collaborative Lifecycle Management CLM, Rational DOORS Next Generation RDNG, Rational Engineering Lifecycle Manager RELM, Rational Team Concert RTC, Rational Quality Manager RQM, Rational...

4.3CVSS0.6AI score0.00916EPSS
Exploits5Affected Software7
Hacker One
Hacker One
added 2020/05/30 5:59 a.m.47 views

HackerOne: Uploading large payload on domain instructions causes server-side DoS

This was a DoS vulnerability in a specific endpoint that didn't limit the size of the upload. As explained in the hacker summary, we limited the payload to mitigate the attack. Note : To everyone who sees this report, if a program accepts DoS vulnerabilities please try to try test carefully as it...

7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2019/12/14 12:54 a.m.40 views

CVE-2019-19342

A flaw was found in Ansible Tower 3.6.1 and 3.5.3 when /websocket is requested and the password contains the '' character. This request would cause a socket error in RabbitMQ when parsing the password and an HTTP error code 500 and partial password disclose will occur in plaintext. An attacker...

5.3CVSS1AI score0.01108EPSS
Exploits0References3
Citrix
Citrix
added 2019/12/13 12:0 a.m.8 views

XenMobile Server experiences a communications error with Apple Deployment Programs (formerly DEP)

XenMobile Server administrators may notice that newly added Apple devices, which are registered viaApple Deployment Programs formerly DEP, do not appear on XenMobile Server. Previously enrolled devices are not affected. Apple DEP connectivity test initiated from the XenMobile server may also fail...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2018/10/15 12:0 a.m.553 views

MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection

Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download: https://datapacket.dl.sourceforge.net/project/maxon/maxon.rar Version:...

7.4AI score
Exploits0
NVD
NVD
added 2018/10/04 9:29 p.m.21 views

CVE-2018-17891

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...

4.3CVSS3.9AI score0.00735EPSS
Exploits0References1
Prion
Prion
added 2018/10/04 9:29 p.m.14 views

Code injection

Carestream Vue RIS, RIS Client Builds: Version 11.2 and prior running on a Windows 8.1 machine with IIS/7.5. When contacting a Carestream server where there is no Oracle TNS listener available, users will trigger an HTTP 500 error, leaking technical information an attacker could use to initiate a...

4.3CVSS3.9AI score0.00735EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2018/07/06 2:29 p.m.20 views

Information disclosure

IBM Quality Manager RQM 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357...

5CVSS4.9AI score0.01269EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2018/07/06 2:29 p.m.24 views

CVE-2017-1239

IBM Quality Manager RQM 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357...

5.3CVSS4.5AI score0.01269EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/06 2:0 p.m.21 views

CVE-2017-1239

IBM Quality Manager RQM 5.0.x and 6.0 through 6.0.5 could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124357...

4.3CVSS5AI score0.01269EPSS
Exploits0References2
CVE
CVE
added 2018/07/06 2:0 p.m.50 views

CVE-2017-1239

The CVE-2017-1239 issue affects IBM Rational Quality Manager (RQM) components in Rational CLM: 5.0.x and 6.0.x up to 6.0.5. The vulnerability allows sensitive information exposure via HTTP 500 Internal Server Error responses, as described in IBM’s Security Bulletin for RQM. Root cause details are...

5.3CVSS5.2AI score0.01269EPSS
Exploits0References2Affected Software1
Hacker One
Hacker One
added 2018/05/11 12:42 p.m.61 views

HackerOne: Information disclosure

Summary: Chaining few simple informative issues on HackerOne platform and applying new method of timing attack, exploiting interesting feature in HTML5 https://developer.mozilla.org/en-US/docs/Web/API/ResourceTimingAPI/UsingtheResourceTimingAPI more precise Copy with CORSwe can perform low cost,...

7AI score
Exploits0
Prion
Prion
added 2017/11/27 9:29 p.m.22 views

Information disclosure

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359...

4CVSS4.2AI score0.00916EPSS
Exploits0References3Affected Software7
Cvelist
Cvelist
added 2017/11/27 9:0 p.m.24 views

CVE-2017-1240

IBM Rhapsody DM products could reveal sensitive information in HTTP 500 Internal Server Error responses. IBM X-Force ID: 124359...

4.3AI score0.00916EPSS
Exploits0References3
Rows per page
Query Builder