86 matches found
Design/Logic Flaw
Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier implements an agent/controller message that does not limit where it can be executed, allowing attackers able to control agent processes to obtain the values of Java system properties from the Jenkins...
CVE-2022-34002
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...
CVE-2022-34002
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...
CVE-2022-34002
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...
Design/Logic Flaw
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...
CVE-2022-34002
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...
CVE-2022-34002
The CVE-2022-34002 issue affects PDS Vista 7 and concerns a Local File Inclusion vulnerability in the /application/documents/display.aspx endpoint, specifically the document parameter. A low-privileged authenticated attacker could leak configuration files and source code of the web application. A...
PT-2022-21962 · Pds Vista · Pds Vista
Name of the Vulnerable Software and Affected Versions: PDS Vista version 7 Description: The issue concerns a Local File Inclusion vulnerability in the document parameter of the "/application/documents/display.aspx" API endpoint. This allows a low-privileged authenticated attacker to leak...
The vulnerability of the Jenkins Compuware Source Code Download plugin for Endevor, PDS, and ISPW plugins is related to deficiencies in the authentication process, which allows attackers to gain unauthorized access to protected information.
The vulnerability of the Jenkins Compuware Source Code Download plugin for Endevor, PDS, and ISPW plugins is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to gain unauthorized access to protected information...
Jenkins Compuware Source Code Download is missing authorization
BMC Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stor...
CVE-2022-36896
A missing permission check in Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin 2.0.12 and earlier allows attackers with Overall/Read permission to enumerate hosts and ports of Compuware configurations and credentials IDs of credentials stored in Jenkins...
CVE-2022-36896
CVE-2022-36896 affects the Jenkins Compuware Source Code Download for Endevor, PDS, and ISPW Plugin (versions 2.0.12 and earlier). The root cause is a missing permission check on several HTTP endpoints, enabling attackers with Overall/Read permission to enumerate Compuware hosts/ports and credent...
Millewin 13.39.146.1 - Local Privilege Escalation
Exploit Title: Millewin 13.39.146.1 - Local Privilege Escalation Date: 2021-02-07 Author: Andrea Intilangelo Vendor Homepage: https://www.millewin.it Software Homepage: https://www.millewin.it/index.php/prodotti/millewin Software Link:...
skipass-pds-ch.ch Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1143621 Security Researcher metamorfosec Helped patch 1957 vulnerabilities Received 9 Coordinated Disclosure badges Received 31 recommendations , a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting skipass-pds-ch.ch...
aequitas (>=0.26.0 <=0.42.0), codalab (>=0.5.29 <=0.5.52) +13 more potentially affected by CVE-2018-5773 via markdown2 (>=2.3.0 <=2.3.5)
markdown2 PYPI version =2.3.0, =0.26.0, =0.5.29, =3.8.3, =0.0.1, =0.7.0a1, =0.4.3, =2.1.0, =1.13.0, =2.1.0, =2.24.1, =4.2.0, =5.5.5 Source cves: CVE-2018-5773 Source advisory: OSV:GHSA-P6H9-GW49-RQM4...
Security Bulletin: Multiple Security Vulnerabilities in Certain GUI Components of IBM Algo Credit Limits.
Summary Abstract: Multiple security vulnerabilities exist in certain GUI components of IBM Algo Credit Limits, namely ACLM Web GUI, PDS Blotter Web GUI, and ACLM Win GUI. Details of each vulnerability and the affected components are set out below. Vulnerability Details DESCRIPTION: Customers who...
CVE-2014-7294
Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services PDS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the url parameter...
CVE-2014-7294
CVE-2014-7294 is an open redirect vulnerability in the logon page of Ex Libris Patron Directory Services (PDS) OpenSSO Integration 2.1 and earlier . The root cause is improper redirect handling in the login flow, allowing remote attackers to craft a URL with a redirect target in the url parameter...
HP-UX 10.x stmkfont Alternate Typeface Library Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/6836/info A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The problem occurs due to insufficient bounds checking on user-suplied data to the alternate typeface library...
HP-UX 10.x stmkfont Alternate Typeface Library Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/6836/info A buffer overflow vulnerability has been reported in the stmkfont utility shipped with HP-UX systems. The problem occurs due to insufficient bounds checking on user-suplied data to the alternate typeface library...