16600 matches found
CVE-2024-20400
CVE-2024-20400: Cisco Expressway Series web-based management interface vulnerability (Expressway-C/E) allows an unauthenticated, remote attacker to redirect a user to a malicious page due to improper input validation of HTTP parameters. A successful exploit could intercept/modify a user’s HTTP r...
CVE-2024-20429
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...
CVE-2024-20429
The CVE-2024-20429 entry concerns Cisco AsyncOS for Secure Email Gateway. Affected component: the web-based management interface. Root cause: insufficient input validation enabling Server-Side Template Injection. Impact: an authenticated user with Operator privileges could remotely execute arbitr...
CVE-2024-20429
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...
Cisco Secure Email Gateway Server-Side Template Injection Vulnerability
A vulnerability in the web-based management interface of Cisco AsyncOS for Secure Email Gateway could allow an authenticated, remote attacker to execute arbitrary system commands on an affected device. This vulnerability is due to insufficient input validation in certain portions of the web-based...
Cisco Expressway Series Open Redirect Vulnerability
A vulnerability in the web-based management interface of Cisco Expressway Series could allow an unauthenticated, remote attacker to redirect a user to a malicious web page. This vulnerability is due to improper input validation of HTTP request parameters. An attacker could exploit this...
CVE-2024-31979
Server-Side Request Forgery (SSRF) vulnerability in Apache StreamPipes during the installation process of pipeline elements. Previously, StreamPipes allowed users to configure custom endpoints from which to install additional pipeline elements. These endpoints were not properly validated, allowing an...
IBM Datacap Navigator Information Disclosure Vulnerability (CNVD-2024-33363)
IBM Datacap Navigator is a web client for Datacap from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Datacap Navigator that originates from displaying version information in an HTTP request, which can be exploited by an attacker to gather information...
Moderate: Red Hat Security Advisory: nodejs security update
An update for nodejs is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
RHEL 8 : nginx (Unpatched Vulnerability)
The remote Red Hat Enterprise Linux 8 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication...
RHEL 9 : nodejs (RHSA-2024:4559)
The remote Red Hat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4559 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language...
CVE-2024-38494
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-38494
Broadcom Symantec Privileged Access Management (PAM) contains a vulnerability that, when exploited by a high-privileged authenticated PAM user, enables remote command execution on the affected PAM system via a specially crafted HTTP request. Affected component appears to be the PAM software itsel...
CVE-2024-38494 Symantec Privileged Access Manager Remote Command Execution vulnerability
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455 Symantec Privileged Access Manager Remote Command Execution vulnerability
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request...
CVE-2024-36455
Broadcom Symantec Privileged Access Management is affected by CVE-2024-36455 through an input validation error that allows an unauthenticated attacker to achieve remote command execution by sending a specially crafted HTTP request. The exposed component is PAM, and the root cause is improper inpu...
Broadcom Symantec Privileged Access Management Security Vulnerability
Broadcom Symantec Privileged Access Management (Broadcom Symantec PAM) is security software from Broadcom, Inc. It helps prevent security breaches by protecting sensitive administrative credentials, controlling privileged user access, proactively enforcing security policies, and monitoring and...
ROS-20240715-01
A vulnerability in the Apache Tomcat application server's implementation of the rejectIllegalHeader attribute is associated with flaws in processing HTTP requests containing a Content-Length header. Exploitation of the vulnerability could allow an attacker acting remotely to send a hidden HTTP request HTTP...
CVE-2016-15039
A vulnerability classified as critical was found in mhuertos phpLDAPadmin up to 665dbc2690ebeb5392d38f1fece0a654225a0b38. Affected by this vulnerability is the function makeHttpRequest of the file htdocs/js/ajaxfunctions.js. The manipulation leads to HTTP request smuggling. The attack can be...