1746 matches found
CVE-2021-39019
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728...
Information disclosure
IBM Engineering Lifecycle Optimization - Publishing 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could disclose highly sensitive information through an HTTP GET request to an authenticated user. IBM X-Force ID: 213728...
Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to disclose highly sensitive information (CVE-2021-39019)
Summary: IBM Engineering Lifecycle Optimization - Publishing Document Builder uses the POST method to submit passwords but can also be forced to use the GET method. Highly sensitive information can be disclosed through an HTTP GET request to an authenticated user. CVE-2021-39019 Vulnerability Detail...
CVE-2022-26649
A vulnerability has been identified in SCALANCE X200-4P IRT All versions V5.5.2, SCALANCE X201-3P IRT All versions V5.5.2, SCALANCE X201-3P IRT PRO All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2IRT All versions V5.5.2, SCALANCE X202-2P IRT All versions V5.5.2, SCALAN...
CVE-2022-26649
The CVE-2022-26649 vulnerability affects multiple Siemens SCALANCE X switches (various models) where incoming HTTP GET URI handling is not properly validated, allowing an unauthenticated remote attacker to crash affected devices. The issue impacts numerous versions across products (e.g., X200-4P ...
RESI Gemini-Net Cross-Site Scripting Vulnerability
RESI Gemini-Net is a technology from RESI Italy for active and passive monitoring of communication networks and services. A cross-site scripting vulnerability exists in RESI Gemini-Net version 4.2. An attacker could exploit this vulnerability to inject arbitrary Web script or HTML into HTTP GET...
Information Disclosure
phoenixws is vulnerable to information disclosure. The vulnerability exists due to a lack of sanitization of HTTP GET requests, allowing an attacker to access source code, files, and folders in phoenixfiles/extensions...
Phoenix-ws source code and data in extensions folder is publicly available
Impact: All of the source code, files, and folders in phoenixfiles/extensions/ are available to end users through a simple HTTP GET request. Patches: The issue has been patched. Users of version 1.0.6 and above are not affected...
GHSA-C8F7-X2G7-7FXJ Phoenix-ws source code and data in extensions folder is publicly available
Impact: All of the source code, files, and folders in phoenixfiles/extensions/ are available to end users through a simple HTTP GET request. Patches: The issue has been patched. Users of version 1.0.6 and above are not affected...
CVE-2022-29540
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...
Cross site scripting
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...
Ignite Realtime Openfire vulnerable to Server Side Request Forgery
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. The issue is fixed in version 4.5.0-beta...
GHSA-MFJW-X4Q4-69P9 Ignite Realtime Openfire vulnerable to Server Side Request Forgery
A Server Side Request Forgery (SSRF) vulnerability in FaviconServlet.java in Ignite Realtime Openfire through 4.4.2 allows attackers to send arbitrary HTTP GET requests. The issue is fixed in version 4.5.0-beta...
CVE-2019-3995
ELOG 3.1.4-57bea22 and below is affected by a denial of service vulnerability due to a NULL pointer dereference. A remote unauthenticated attacker can crash the ELOG server by sending a crafted HTTP GET request...
CVE-2019-11066
openid.php in LightOpenID through 1.3.1 allows SSRF via a crafted OpenID 2.0 assertion request using the HTTP GET method...
GHSA-XF9F-32GH-H2W4 Improper Authentication in Apache CXF
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...
Improper Authentication in Apache CXF
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...
Server-Side Request Forgery in Jenkins
An improper authorization vulnerability exists in Jenkins versions 2.106 and earlier, and LTS 2.89.3 and earlier, that allows an attacker to have Jenkins submit HTTP GET requests and get limited information about the response...