3632 matches found

Cvelist
added 2022/06/22 2:41 p.m. | 28 views

CVE-2022-34212

A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL...

6.5 AI score | 0.00619 EPSS
Exploits 0 | References 1

AlpineLinux
added 2022/06/22 2:41 p.m. | 51 views

CVE-2022-34211

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

6.5 CVSS | 2.5 AI score | 0.00468 EPSS
Exploits 0 | References 1

Cvelist
added 2022/06/22 2:41 p.m. | 20 views

CVE-2022-34211

A cross-site request forgery (CSRF) vulnerability in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers to send an HTTP POST request to an attacker-specified URL...

7.2 AI score | 0.00468 EPSS
Exploits 0 | References 1

CVE
added 2022/06/22 2:41 p.m. | 100 views

CVE-2022-34206

CVE-2022-34206 concerns Jenkins Jianliao Notification Plugin (1.1 and earlier). The root cause is a missing permission check in a form-validation method, allowing attackers with Overall/Read to send HTTP POST requests to an attacker-specified URL and enabling CSRF. The issue is confirmed across m...

4.3 CVSS | 4.3 AI score | 0.00521 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/06/22 2:41 p.m. | 31 views

CVE-2022-34206

A missing permission check in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers with Overall/Read permission to send HTTP POST requests to an attacker-specified URL...

6.8 AI score | 0.00521 EPSS
Exploits 0 | References 1

CVE
added 2022/06/22 2:41 p.m. | 104 views

CVE-2022-34205

CVE-2022-34205 describes a CSRF vulnerability in Jenkins Jianliao Notification Plugin (versions 1.1 and earlier) that allows an attacker to cause the server to issue HTTP POST requests to an attacker-controlled URL. The connected notes corroborate the issue across multiple feeds, all citing the s...

6.5 CVSS | 6.3 AI score | 0.00468 EPSS
Exploits 0 | References 1 | Affected Software 1

Cvelist
added 2022/06/22 2:41 p.m. | 24 views

CVE-2022-34205

A cross-site request forgery (CSRF) vulnerability in Jenkins Jianliao Notification Plugin 1.1 and earlier allows attackers to send HTTP POST requests to an attacker-specified URL...

8 AI score | 0.00468 EPSS
Exploits 0 | References 1

Prion
added 2022/06/14 10:15 a.m. | 19 views

Design/Logic Flaw

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...

5 CVSS | 7.7 AI score | 0.00782 EPSS
Exploits 0 | References 1 | Affected Software 1

Vulnrichment
added 2022/06/14 9:22 a.m. | 16 views

CVE-2022-32254

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...

4.3 CVSS | 6.4 AI score | 0.00782 EPSS
Exploits 0 | References 2

Cvelist
added 2022/06/14 9:22 a.m. | 23 views

CVE-2022-32254

A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.1. A customized HTTP POST request could force the application to write the status of a given user to a log file, exposing sensitive user information that could provide valuable guidance to an attacker...

4.3 CVSS | 7.5 AI score | 0.00782 EPSS
Exploits 0 | References 2

NVD
added 2022/06/09 4:15 p.m. | 20 views

CVE-2022-30760

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

4.3 CVSS | 0.00904 EPSS
Exploits 1 | References 2

Prion
added 2022/06/09 4:15 p.m. | 13 views

Design/Logic Flaw

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

4 CVSS | 4.3 AI score | 0.00904 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/06/09 3:14 p.m. | 22 views

CVE-2022-30760

An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS...

4.6 AI score | 0.00904 EPSS
Exploits 1 | References 2

CVE
added 2022/06/09 3:14 p.m. | 58 views

CVE-2022-30760

Vulnerability context: CVE-2022-30760 affects the ihb eG FlexNow product (fn2Web) prior to version 2.04.09.016. The issue is an insecure direct object reference (IDOR) that allows remote authenticated users to access sensitive student data by altering the student ID parameter in a POST to the Fro...

4.3 CVSS | 4.2 AI score | 0.00904 EPSS
Exploits 1 | References 2 | Affected Software 1

CNVD
added 2022/05/27 12:0 a.m. | 28 views

Nokia Broadcast Message Center SQL Injection Vulnerability (CNVD-2022-68946)

Nokia Broadcast Message Center is a broadcast message center for Nokia Finland to manage alerts. An SQL injection vulnerability exists in Nokia Broadcast Message Center 11.1.0 and earlier versions, which originates in /owui/block/send-receive-updates extIdentifier HTTP POST parameter is missing...

6.5 CVSS | 2.2 AI score | 0.00959 EPSS
Exploits 1 | References 1

IBM Security Bulletins
added 2022/05/25 11:1 p.m. | 11 views

Security Bulletin: A vulnerability has been identified in IBM Elastic Storage System GUI where authorised user can execute unauthorized function (CVE-2020-4378)

Summary A security vulnerability has been identified in all levels of IBM Elastic Storage System 3000 GUI. A fix for this vulnerability is available. Vulnerability Details CVEID: CVE-2020-4378 DESCRIPTION: IBM Spectrum Scale 5.0.0.0 through 5.0.4.4 could allow a privileged authenticated user to...

4.9 CVSS | 0.8 AI score | 0.00852 EPSS
Exploits 0 | Affected Software 1

NVD
added 2022/05/25 2:15 p.m. | 21 views

CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

6.5 CVSS | 0.00959 EPSS
Exploits 1 | References 2

Prion
added 2022/05/25 2:15 p.m. | 18 views

SQL injection

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

4 CVSS | 6.8 AI score | 0.00959 EPSS
Exploits 1 | References 2 | Affected Software 1

Cvelist
added 2022/05/25 1:41 p.m. | 26 views

CVE-2021-35487

Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...

7.1 AI score | 0.00959 EPSS
Exploits 1 | References 2

RedhatCVE
added 2022/05/20 10:35 p.m. | 22 views

CVE-2018-5704

Open On-Chip Debugger (OpenOCD) 0.10.0 does not block attempts to use HTTP POST for sending data to 127.0.0.1 port 4444, which allows remote attackers to conduct cross-protocol scripting attacks, and consequently execute arbitrary commands, via a crafted web site...

9.6 CVSS | 5.7 AI score | 0.04582 EPSS
Exploits 1 | References 1