MariaDB 10.0.0 < 10.0.12 Multiple Vulnerabilities
The version of MariaDB installed on the remote host is prior to 10.0.12. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.0.12 advisory. - Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.5.37 and earlier and 5.6.17 and earlier allows remote...
CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities
On November 8, 2022, Citrix published the Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516, announcing fixes for three vulnerabilities: CVE-2022-27510 “Unauthorized access to Gateway user capabilities”, CVE-2022-27513 “Remote desktop takeover via...
CVE-2022-42126
The CVE-2022-42126 entry affects the Asset Libraries module in Liferay Portal 7.3.5–7.4.3.28 and Liferay DXP 7.3 before update 8, and DXP 7.4 before update 29. Root cause: improper permission checks allow remote authenticated users to view asset libraries via the UI. Practical impact is exposure ...
VMWare Hyperic Code Issue Vulnerability
VMWare Hyperic is an application monitoring component of the Cloud Application Platform from VMWare, Inc. It enables IT professionals to manage the performance and availability of customized web applications in physical, virtual, and cloud environments. A code issue vulnerability exists in VMWare...
VMware Hyperic Code Issue Vulnerability
VMWare Hyperic is an application monitoring component of the Cloud Application Platform from VMWare, Inc. It enables IT professionals to manage the performance and availability of customized web applications in physical, virtual and cloud environments. A code issue vulnerability exists in VMware...
CVE-2022-26088
An issue was discovered in BMC Remedy before 22.1. Email-based Incident Forwarding allows remote authenticated users to inject HTML such as an SSRF payload into the Activity Log by placing it in the To: field. This affects rendering that occurs upon a click in the "number of recipients" field...
CVE-2022-26088
CVE-2022-26088 affects BMC Remedy ITSM Suite prior to 22.1. Email-based Incident Forwarding can let remote authenticated users inject HTML (including SSRF payloads) into the Activity Log by placing content in the To: field, influencing rendering when the number of recipients is clicked. The vulne...
Vulnerabilities fixed in Citrix Gateway and Citrix ADC
Citrix has fixed vulnerabilities in Citrix Gateway and Citrix ADC. A malicious party could exploit the vulnerabilities to bypass authentication or other security measures, or to use brute-force methods, and so gain access to user environments. The vulnerability with referenc...
CVE-2022-20937
A vulnerability in a feature that monitors RADIUS requests on Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to negatively affect the performance of an affected device. This vulnerability is due to insufficient management of system resources. An attack...
Cisco Identity Services Engine Resource Management Error Vulnerability
Cisco Identity Services Engine (ISE) is a context-aware policy platform from Cisco. ISE collects real-time information about the network, users, and devices to develop and enforce policies for monitoring the network. A resource management error vulnerability exists in...
CVE-2022-35132
The CVE-2022-35132 vulnerability affects Webmin/Usermin (up to version 1.850). It allows a remote authenticated user to execute OS commands via command injection in a filename used by the GPG module. Root cause: improper handling of the GPG module filename enables command execution. Impact is hig...
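The filename-to-shell pattern the Webmin/Usermin entry describes, shown as an added example in Python rather than Webmin's own Perl code: a user-controlled file name spliced into a shell command string, beside the allowlist-plus-argv form that closes the hole and the `shlex.quote` fallback for when a shell is unavoidable. `printf` stands in for the gpg invocation so the example is harmless and runs offline; the file names are constructed, the `SAFE_NAME` allowlist and helper names are assumptions, a POSIX `sh` is assumed, and nothing here reproduces the actual Usermin code path.

```python
import re
import shlex
import subprocess

# Constructed sample filenames (not from the advisory): one benign, one carrying
# a shell metacharacter payload of the kind a command-injection bug would accept.
BENIGN_NAME = "pubkey.asc"
HOSTILE_NAME = "pubkey.asc; echo INJECTED"

# Assumed allowlist for a bare file name: conservative alphabet, no path
# separators, no shell metacharacters, no leading dot, bounded length.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")

# printf stands in for the real gpg binary; the interpolation mistake is the same.
# The Python string holds a literal backslash-n, which printf expands itself.
FORMAT = "importing %s\\n"


def run_naive(filename: str) -> list[str]:
    """Vulnerable pattern: the user-controlled filename is spliced into a shell
    command string, so ';', '|', '$(...)' and friends become shell syntax.
    Assumes a POSIX sh is available."""
    cmd = f"printf '{FORMAT}' {filename}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def safe_argv(filename: str) -> list[str]:
    """Hardened pattern: validate against the allowlist, then build argv as a
    list so no shell ever parses the value."""
    if not SAFE_NAME.fullmatch(filename):
        raise ValueError(f"rejected filename: {filename!r}")
    return ["printf", FORMAT, filename]


def run_safe(filename: str) -> list[str]:
    out = subprocess.run(safe_argv(filename), capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


def quoted_shell_command(filename: str) -> str:
    """If a shell really is unavoidable (e.g. a pipeline), shlex.quote turns the
    whole value into one shell word; metacharacters inside it stay literal."""
    return f"printf '{FORMAT}' {shlex.quote(filename)}"


def run_quoted(filename: str) -> list[str]:
    out = subprocess.run(quoted_shell_command(filename), shell=True,
                         capture_output=True, text=True, check=False)
    return out.stdout.splitlines()


if __name__ == "__main__":
    print(run_naive(HOSTILE_NAME))    # the injected echo actually runs
    print(run_quoted(HOSTILE_NAME))   # the payload is printed as plain text
    try:
        run_safe(HOSTILE_NAME)
    except ValueError as exc:
        print(exc)                    # rejected before any process is spawned
```

The allowlist is deliberately stricter than "escape the dangerous characters": a file name handed to a privileged helper should never need a space, semicolon or path separator, so rejecting them outright is simpler to audit than quoting them correctly everywhere.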
Vulnerability fixed in Palo Alto PAN-OS
Palo Alto has fixed a vulnerability in PAN-OS. The vulnerability allows a malicious person to remotely bypass authentication and impersonate an existing PAN-OS administrator. With those administrator privileges, the malicious party can perform administrative actions and execute arbitrary code. Palo Alto...
Security Bulletin: XML External Entity (XXE) security vulnerability in InfoSphere Guardium (CVE-2012-3339)
Abstract: An XML External Entity (XXE) security vulnerability in InfoSphere Guardium allows remote authenticated users to obtain sensitive information via unspecified vectors. Content: VULNERABILITY DETAILS: CVE ID: CVE-2012-3339 DESCRIPTION: A user can reach an error report containing the content of a file ...
Unified Remote Authentication Bypass / Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Unified Remote Auth Bypass to RCE', 'Description' => %q This module utilizes the Unified Remote remote control protocol to type out and deploy a...
CVE-2022-37880
Aruba ClearPass Policy Manager: Vulnerability in the web-based management interface allows remote authenticated users to execute arbitrary commands on the underlying host with root privileges, enabling complete system compromise. Affected: ClearPass Policy Manager 6.10.x (≤6.10.6) and 6.9.x (≤6.9...
CVE-2022-37879
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2022-37882
Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to comple...
CVE-2022-40713
CVE-2022-40713 affects NOKIA 1350OMS R14.2. Multiple Relative Path Traversal flaws exist in different endpoints via the file parameter, allowing a remote authenticated attacker to read arbitrary files on the filesystem. The NVD CVSSv3.1 metrics show a base score of 6.5 (Medium) with N...
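A containment check of the kind the NOKIA 1350OMS entry calls for, as an added example that is not NOKIA's code: a `file` request parameter is mapped onto a path that must resolve under a base directory, and `..` sequences, URL-encoded variants, absolute paths, symlink escapes and NUL bytes are handled. The base directory, the sample parameter values and the `safe_resolve`/`classify` helpers are all constructed for the example.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import unquote


class TraversalError(ValueError):
    """Raised when a user-supplied file parameter would leave the base directory."""


def safe_resolve(base_dir: Path, file_param: str) -> Path:
    """Map a `file` request parameter onto a path guaranteed to sit under
    base_dir, or raise TraversalError.

    Decode once (a framework usually has already, but a raw %2e%2e%2f must not
    slip through), strip any leading slash so an absolute value cannot replace
    base_dir during the join, then compare the fully resolved path (which
    collapses '..' and follows symlinks) against the resolved base.
    """
    decoded = unquote(file_param)
    if "\x00" in decoded:
        raise TraversalError("NUL byte in file parameter")
    relative = decoded.lstrip("/\\")
    real_base = base_dir.resolve()
    real_path = (real_base / relative).resolve()
    if real_path != real_base and real_base not in real_path.parents:
        raise TraversalError(f"escapes base directory: {file_param!r}")
    return real_path


def build_sandbox() -> Path:
    """Constructed fixture: a throwaway directory with one readable file and,
    where the platform allows it, a symlink pointing outside the sandbox."""
    base = Path(tempfile.mkdtemp(prefix="files-"))
    (base / "logs").mkdir()
    (base / "logs" / "app.log").write_text("ok\n")
    try:
        os.symlink(base.parent, base / "escape")
    except OSError:
        pass  # symlinks unsupported here; the '..' cases still exercise the check
    return base


def classify(base: Path, params) -> dict:
    """Return {param: 'allowed' | 'rejected'} for a batch of request values."""
    verdicts = {}
    for p in params:
        try:
            safe_resolve(base, p)
            verdicts[p] = "allowed"
        except TraversalError:
            verdicts[p] = "rejected"
    return verdicts


# Constructed request values mixing legitimate names with traversal attempts.
SAMPLE_PARAMS = [
    "logs/app.log",
    "/logs/app.log",               # absolute form: confined under base, not rejected
    "../../etc/passwd",
    "logs/../../../etc/passwd",
    "..%2F..%2Fetc%2Fpasswd",      # URL-encoded slashes
    "%2e%2e/%2e%2e/etc/passwd",    # URL-encoded dots
    "escape/secret.txt",           # symlink that points outside base
    "logs/app.log\x00.png",        # NUL-byte extension trick
]

if __name__ == "__main__":
    sandbox = build_sandbox()
    for param, verdict in classify(sandbox, SAMPLE_PARAMS).items():
        print(f"{verdict:8} {param!r}")
```

The comparison is made on resolved paths rather than on the raw string because string checks for `..` miss encoded forms and symlinks; resolving both sides first means the only question left is whether one directory is an ancestor of the other.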
PT-2022-24594 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM version 7.1.8 Description: The issue allows remote authenticated users to run system commands by creating contacts with payloads capable of executing system commands. An admin user exporting contacts in a CSV file may end up executi...
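The export path the EspoCRM entry describes, as an added example that is not EspoCRM's code: contact fields holding spreadsheet formula / DDE payloads are flagged on import and neutralized on CSV export. It assumes (an assumption, since the snippet does not say so) that the advisory's "system commands" run when the exported file is opened in a spreadsheet that evaluates cells beginning with `=`, `+`, `-` or `@`; the contact records, field names and helper functions are constructed for the example.

```python
import csv
import io

# Leading characters that spreadsheet applications treat as the start of a
# formula (and, via =cmd|..., a DDE command). Tab and CR are included because
# some importers trim leading whitespace before deciding whether to evaluate.
FORMULA_TRIGGERS = ("=", "+", "-", "@", "\t", "\r")


def is_formula_like(value) -> bool:
    """True if a stored value would be evaluated when opened in a spreadsheet."""
    return value is not None and str(value).startswith(FORMULA_TRIGGERS)


def neutralize_cell(value) -> str:
    """Make a cell inert: a leading single quote forces text interpretation.
    Trade-off: a phone number written as '+1 ...' receives the prefix too."""
    text = "" if value is None else str(value)
    return "'" + text if text.startswith(FORMULA_TRIGGERS) else text


def flag_rows(rows: list[dict]) -> list[tuple[int, str]]:
    """Import-side check: report (row index, field) pairs carrying formula-like
    content so they can be rejected or reviewed before they reach an export."""
    return [(i, k) for i, row in enumerate(rows)
            for k, v in row.items() if is_formula_like(v)]


def export_contacts(rows: list[dict], fields: list[str]) -> str:
    """Export-side fix: neutralize every cell and quote every field, so a value
    holding commas, quotes or newlines cannot break out of its cell either."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fields, quoting=csv.QUOTE_ALL,
                            lineterminator="\n")
    writer.writeheader()
    for row in rows:
        writer.writerow({f: neutralize_cell(row.get(f)) for f in fields})
    return buf.getvalue()


# Constructed contact records (not from the advisory): an ordinary contact and
# one whose fields carry classic DDE / formula payloads.
FIELDS = ["first_name", "last_name", "phone"]
CONTACTS = [
    {"first_name": "Alice", "last_name": "Smith", "phone": "555-0100"},
    {"first_name": "=cmd|' /C calc'!A0", "last_name": "@SUM(1+1)", "phone": "+1 555 0199"},
]

if __name__ == "__main__":
    print(flag_rows(CONTACTS))        # which stored cells would evaluate on open
    print(export_contacts(CONTACTS, FIELDS), end="")
```

Neutralizing at export time protects the administrator's workstation regardless of who created the record; flagging at import time additionally keeps the payload out of the database, which matters when other export paths (reports, integrations) do not go through the same writer.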
CVE-2022-22520
A remote, unauthenticated attacker can enumerate valid users by sending specific requests to the webservice of MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual in all versions through v2.11.2...