703 matches found

Tenable Nessus
added 2024/12/13 12:00 a.m. · 20 views

SolarWinds Web Help Desk < 12.8.4 Multiple Vulnerabilities

The version of SolarWinds Web Help Desk installed on the remote host is prior to 12.8.4. It is, therefore, affected by multiple vulnerabilities as referenced in the 12.8.4 release notes. - Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not...

10 CVSS · 7.5 AI score · 0.06287 EPSS
Exploits 6 · References 7
OSV
added 2024/12/10 7:15 p.m. · 1 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

2.7 CVSS · 5.8 AI score · 0.375 EPSS
Exploits 0 · References 3
NVD
added 2024/12/10 7:15 p.m. · 14 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

4.4 CVSS · 0.375 EPSS
Exploits 0 · References 3
OSV
added 2024/12/10 9:15 a.m. · 1 views

CVE-2024-45709

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...

5.5 CVSS · 5.8 AI score · 0.00489 EPSS
Exploits 0 · References 2
NVD
added 2024/12/10 9:15 a.m. · 22 views

CVE-2024-45709

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...

5.5 CVSS · 0.00489 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/12/10 8:20 a.m. · 10 views

CVE-2024-45709 SolarWinds Web Help Desk Local File Read Vulnerability

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...

5.3 CVSS · 6.8 AI score · 0.00489 EPSS
Exploits 0 · References 2
CVE
added 2024/12/10 8:20 a.m. · 72 views

CVE-2024-45709

CVE-2024-45709 affects SolarWinds Web Help Desk. The vulnerability is a local file read flaw that requires the product to be installed on Linux and configured to use a non-default development/test mode, which limits exposure. The available sources do not specify affected versions (beyond the Linu...

5.5 CVSS · 5.1 AI score · 0.00489 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/12/10 8:20 a.m. · 25 views

CVE-2024-45709 SolarWinds Web Help Desk Local File Read Vulnerability

SolarWinds Web Help Desk was susceptible to a local file read vulnerability. This vulnerability requires the software be installed on Linux and configured to use non-default development/test mode making exposure to the vulnerability very limited...

5.3 CVSS · 0.00489 EPSS
Exploits 0 · References 2
CNNVD
added 2024/12/10 12:00 a.m. · 1 views

SolarWinds Web Help Desk Path Traversal Vulnerability

SolarWinds Web Help Desk is a suite of help desk and asset management software from US-based SolarWinds. The software supports centralized knowledge base, IT asset management, project and task management, and other features. SolarWinds Web Help Desk suffers from a path traversal vulnerability tha...

5.5 CVSS · 6.4 AI score · 0.00489 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/12/10 12:00 a.m. · 15 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

6.8 AI score · 0.375 EPSS
Exploits 0 · References 2
ATTACKERKB
added 2024/12/10 12:00 a.m. · 69 views

CVE-2024-55550

Mitel MiCollab through 9.8 SP2 could allow an authenticated attacker with administrative privilege to conduct a local file read, due to insufficient input sanitization. A successful exploit could allow the authenticated admin attacker to access resources that are constrained to the admin access...

4.4 CVSS · 6.8 AI score · 0.375 EPSS
In wild · Exploits 0 · References 3
CVE
added 2024/12/10 12:00 a.m. · 224 views

CVE-2024-55550

CVE-2024-55550 affects Mitel MiCollab up to 9.8 SP2. The primary description indicates an authenticated administrator can perform a local file read due to insufficient input sanitization, exposing non-sensitive system information without modification or privilege escalation. The connected nuclei ...

4.4 CVSS · 6.5 AI score · 0.375 EPSS
In wild · Exploits 0 · References 3 · Affected Software 1
CNNVD
added 2024/11/19 12:00 a.m. · 1 views

Versa Director Security Vulnerability

Versa Director is a virtualization and service creation platform from Versa USA. It simplifies the creation, automation and delivery of services using Versa FlexVNF. A security vulnerability exists in Versa Director versions prior to 22.1.4, which stems from a generic password in the default...

10 CVSS · 9 AI score · 0.00557 EPSS
Exploits 0 · References 1
GitHub Security Blog
added 2024/10/15 6:00 p.m. · 25 views

Vendure asset server plugin has local file read vulnerability with AssetServerPlugin & LocalAssetStorageStrategy

Description: Path traversal. This vulnerability allows an attacker to craft a request which is able to traverse the server file system and retrieve the contents of arbitrary files, including sensitive data such as configuration files, environment variables, and other critical data stored on the...

9.1 CVSS · 6.8 AI score · 0.59798 EPSS
Exploits 1 · References 6 · Affected Software 1
Positive Technologies
added 2024/10/09 12:00 a.m. · 1 views

PT-2024-10183 · Mitel · Mitel Micollab

Name of the Vulnerable Software and Affected Versions: Mitel MiCollab versions through 9.8 SP2. Description: Mitel MiCollab is susceptible to a local file read issue stemming from insufficient input sanitization. A successful exploit allows an authenticated attacker with administrative privileges ...

4.6 CVSS · 9.2 AI score · 0.375 EPSS
Exploits 0 · References 26
Snyk
added 2024/09/17 6:36 p.m. · 1 views

XML External Entity (XXE) Injection

Overview: Affected versions of this package are vulnerable to XML External Entity (XXE) Injection via the IOFactory::load function. An attacker can read local files or potentially execute arbitrary code by uploading a malicious XLSX template that contains a specially crafted XML payload. This is onl...

8.5 CVSS · 8.3 AI score
Exploits 0 · References 2
OSV
added 2024/09/17 6:36 p.m. · 47 views

GHSA-534C-HCR7-67JG Kimai has an XXE Leading to Local File Read

Summary: Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. Details: Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The...

8.5 CVSS · 7.2 AI score
Exploits 0 · References 4
GitHub Security Blog
added 2024/09/17 6:36 p.m. · 14 views

Kimai has an XXE Leading to Local File Read

Summary: Kimai uses PHPSpreadsheet for importing and exporting invoices. Recently, a CVE was identified in PHPSpreadsheet, which could lead to an XXE vulnerability. Details: Exploitation requires an Administrator account, allowing the upload of an XLSX template containing the payload. The...

7.2 AI score
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2024/09/17 12:00 a.m. · 3 views

PT-2024-40087 · Unknown +1 · Phpspreadsheet +1

Name of the Vulnerable Software and Affected Versions: Kimai versions: affected versions not specified. PHPSpreadsheet versions: affected versions not specified. Description: The issue is related to an XXE vulnerability in PHPSpreadsheet, which is used by Kimai for importing and exporting invoices...

8.5 CVSS · 7 AI score
Exploits 0 · References 5
VulnCheck KEV
added 2024/09/13 12:00 a.m. · 2 views

VulnCheck KEV: CVE-2023-28461

Array Networks AG and vxAG ArrayOS contain a missing authentication for critical function vulnerability that allows an attacker to read local files and execute code on the SSL VPN gateway...

9.8 CVSS · 7.4 AI score · 0.67645 EPSS
Exploits 0 · References 1