Security Bulletin: Apache Commons IO used by IBM InfoSphere Identity Insight has a potential vulnerability (CVE-2024-47554)
Summary The Apache Commons IO used by Identity Insight is vulnerable to a denial of service, caused by an uncontrolled resource consumption flaw in the org.apache.commons.io.input.XmlStreamReader class. By sending a specially crafted input, a remote attacker could exploit this vulnerability to...
Joomla! Access Control Vulnerability (20250103)
Joomla! is prone to an improper access control vulnerability in multiple core views. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Fedora: Security Advisory (FEDORA-2024-d6b0e72e3d)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Arctera Data Insight Security Vulnerability
Arctera Data Insight is a data management software from Veritas Technologies. A security vulnerability exists in Arctera Data Insight versions prior to 7.1.1. An attacker exploiting this vulnerability could perform a SQL injection attack...
PT-2024-32028 · Veritas · Veritas Data Insight
Name of the Vulnerable Software and Affected Versions: Veritas / Arctera Data Insight versions prior to 7.1.1 Description: The issue allows Application Administrators to conduct SQL injection attacks, potentially leading to information disclosure. This is due to improper neutralization of special...
CVE-2021-40959
A reflected cross-site scripting vulnerability in MONITORAPP Application Insight Web Application Firewall AIWAF <= 4.1.6 and <= 5.0 was identified on the subpage /processmanagement/processstatus.xhr.php. This vulnerability allows an attacker to inject malicious scripts that execute in the context of...
MONITORAPP Application Insight Web Application Firewall Security Vulnerability
MONITORAPP Application Insight Web Application Firewall (MONITORAPP AIWAF) is a web application firewall from MONITORAPP USA. A security vulnerability exists in MONITORAPP Application Insight Web Application Firewall. An attacker can exploit this vulnerability to inject malicious scripts...
CVE-2021-40959
CVE-2021-40959 – MONITORAPP AIWAF is affected by a reflected cross-site scripting vulnerability on the subpage /process_management/process_status.xhr.php. Affected versions are AIWAF <= 4.1.6 and
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2024-2948)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Huawei EulerOS: Security Advisory for OpenIPMI (EulerOS-SA-2024-2955)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2024-11401
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...
CVE-2024-11401 Rapid7 Insight Platform Privilege Escalation Vulnerability
Rapid7 Insight Platform versions prior to November 13th 2024, suffer from a privilege escalation vulnerability whereby, due to a lack of authorization checks, an attacker can successfully update the password policy in the platform settings as a standard user by crafting an API the functionality w...
CVE-2024-11401
Rapid7 Insight Platform shows a privilege escalation vulnerability in versions prior to 2024-11-13, where a standard user can update the password policy via the platform API due to missing authorization checks (not possible through the UI). The issue is documented as fixed as of 2024-11-13. Appli...
Rapid7 Insight Platform Security Vulnerability
Rapid7 Insight Platform is a platform for managing profiles, users, products, API keys and settings from Rapid7 USA. Rapid7 Insight Platform has a security vulnerability that stems from a lack of authorization checks. An attacker can exploit the vulnerability to elevate privileges...
MyBB <= 1.8.38 XSS Vulnerability
MyBB is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mybb:mybb";...
The vulnerability of the Desigo Insight building management software lies in the improper restriction on the visible layers of the user interface. This allows a hacker to redirect users to any desired website.
The vulnerability of the Desigo Insight building management software is related to an improper limitation on the visible layers of the user interface. Exploiting this vulnerability could allow a malicious actor to redirect users to any desired website...
The vulnerability in the processAtatchmentDataStream method implementation in HPE Insight Remote Support, the software for remote monitoring, management, and support of servers and data storage systems, allows an attacker to execute arbitrary code.
The vulnerability in the processAtatchmentDataStream method implementation in HPE Insight Remote Support, the software for remote monitoring, management, and support of servers and data storage systems, relates to the use of files and directories accessible to external parties. Exploiting this...
Hewlett Packard Enterprise Insight Remote Support processAtatchmentDataStream Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Hewlett Packard Enterprise Insight Remote Support. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the processAtatchmentDataStream...