98 matches found
SUSE CVE-2023-25734
After downloading a Windows .url shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system. This also had the potential to leak NTLM credentials to the resource.This bug only affects Firefox on Windows. Othe...
SUSE CVE-2007-2446
Multiple heap-based buffer overflows in the NDR parsing in smbd in Samba 3.0.0 through 3.0.25rc3 allow remote attackers to execute arbitrary code via crafted MS-RPC requests involving 1 DFSEnum netdfsiodfsEnumInfod, 2 RFNPCNEX smbionotifyoptiontypedata, 3 LsarAddPrivilegesToAccount...
UBUNTU-CVE-2022-36314
When opening a Windows shortcut from the local filesystem, an attacker could supply a remote path that would lead to unexpected network requests from the operating system.This bug only affects Firefox for Windows. Other operating systems are unaffected.. This vulnerability affects Firefox ESR...
Exploit for Code Injection in Vmware Spring_Cloud_Gateway
SpringAllReachable A graphical tool for rapid exploitati...
CVE-2022-38931
A Server-Side Request Forgery SSRF in fetchnetfileupload function of baijiacmsV4 v4.1.4 allows remote attackers to force the application to make arbitrary requests via injection of arbitrary URLs into the url parameter...
The vulnerability of the ipynb Notebook component of the Git-based software platform for collaborative code development on GitLab allows a hacker to send arbitrary HTTP requests.
The vulnerability of the ipynb Notebook component of the Git-based software development platform for collaborative code editing on GitLab is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to send arbitrary HTTP requests remotely...
Cybele Software Thinfinity VirtualUI 信息泄露漏洞
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. Cybele Software Thinfinity VirtualUI suffers from an information disclosure...
CVE-2021-43141
Cross Site Scripting XSS vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in planapplication...
GHSA-7RQ6-7GV8-C37H Missing Authorization with Default Settings in Dashboard UI
Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, LocalRequestsOnlyAuthorizationFilter filter is being used to allow only local requests and prohibit all the remote...
Missing Authorization with Default Settings in Dashboard UI
Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, LocalRequestsOnlyAuthorizationFilter filter is being used to allow only local requests and prohibit all the remote...
CVE-2021-41238
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...
Authorization
Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...
CVE-2021-41238
Hangfire.Core Dashboard UI in Hangfire (for .NET/.NET Core) was vulnerable when the default DashboardOptions.Authorization allowed remote requests due to missing authorization filters in version 1.7.25. The root cause was that LocalRequestsOnlyAuthorizationFilter was not applied by default, permi...
CVE-2021-34706
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to access sensitive information or conduct a server-side request forgery SSRF attack through an affected device. This vulnerability is due to improper handling...
DEBIAN-CVE-2020-25692
A NULL pointer dereference was found in OpenLDAP server and was fixed in openldap 2.4.55, during a request for renaming RDNs. An unauthenticated attacker could remotely crash the slapd process by sending a specially crafted request, causing a Denial of Service...
Aruba Airwave Software Server-Side Request Forgery Vulnerability
Aruba Airwave Software is a network monitoring software that helps users view real-time data and situational reports for every user, device, and segment of the network. A server-side request forgery vulnerability exists in Aruba Airwave Software versions prior to 1.3.2, which allows an attacker t...
The vulnerability of the Customer component of the MICROS Relate CRM Software allows a perpetrator to compromise the confidentiality and integrity of the protected information.
The vulnerability of the Customer component of the MICROS Relate CRM Software lies in the lack of access control mechanisms. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality and integrity of the protected information by sending specially crafted HTTP reques...
PT-2019-16954 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.0 through 11.1 Description: The issue allows a remote user to send specially crafted requests that could consume all available CPU and memory resources, resulting in a denial of service attack. Recommendations...
LibreOffice < 6.2.5 Multiple Vulnerabilities (macOS)
The version of LibreOffice installed on the remote macOS host is prior to 6.2.5. It is, therefore, affected by multiple vulnerabilities : - An arbitrary script execution vulnerability exists due to a flaw allowing event-based execution of python scripts within a document. Note, LibreLogo must be...
PT-2019-2044 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Cisco Firepower Threat Defense FTD Software affected versions not specified Description: A vulnerability in the WebVPN login process could allow an unauthenticated...