287 matches found
Joomla 4.0.x < 4.2.4 Multiple Vulnerabilities (5870-joomla-4-2-4-security-release)
According to its self-reported version, the instance of Joomla! running on the remote web server is 4.0.x prior to 4.2.4. It is, therefore, affected by multiple vulnerabilities. - Joomla 4 sites with publicly enabled debug mode exposed data of previous requests. CVE-2022-27912 - Inadequate...
Drupal 9.3.x < 9.3.19 Multiple Vulnerabilities
According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.91, 9.3.x prior to 9.3.19 or 9.4.x prior to 9.4.3. It is, therefore, affected by multiple vulnerabilities: - In some situations, the Image module does not correctly check access to...
phpMyAdmin 4.9.x < 4.9.6 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.6 or 5.0.x prior to 5.0.3. It is, therefore, affected by multiple vulnerabilities. - It may permit an attacker to craft a malicious link leading to a Cross-Site Scripting attack XSS vulnerability if a user clicks o...
Atlassian Jira 8.21.x < 8.22.4 Server-Side Request Forgery
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is 8.0.x prior to 8.13.22, 8.14.x prior to 8.20.10 or 8.21.x prior to 8.21.4. It is, therefore, affected by a vulnerability allowing a remote, authenticated user including a user who join...
NewStart CGSL MAIN 6.02 : gupnp Multiple Vulnerabilities (NS-SA-2022-0060)
The remote NewStart CGSL host, running version MAIN 6.02, has gupnp packages installed that are affected by multiple vulnerabilities: - The Open Connectivity Foundation UPnP specification before 2020-04-17 does not forbid the acceptance of a subscription request with a delivery URL on a different...
NewStart CGSL CORE 5.05 / MAIN 5.05 : gupnp Vulnerability (NS-SA-2022-0036)
The remote NewStart CGSL host, running version CORE 5.05 / MAIN 5.05, has gupnp packages installed that are affected by a vulnerability: - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to...
Authentication Bypass
ReadyMedia is vulnerable to authentication bypass. The vulnerability exists due to a rebinding issue which allows an attacker to exfiltrate media files of a remote web server...
Joomla! 2.5.x < 3.10.7 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.10.7 or 4.x prior to 4.1.1. It is, therefore, affected by multiple vulnerabilities. - Extracting an specifilcy crafted tar package could write files outside of the intended path...
CVE-2022-26505
A DNS rebinding issue in ReadyMedia formerly MiniDLNA before 1.3.1 allows a remote web server to exfiltrate media files...
CVE-2022-26505
A DNS rebinding issue in ReadyMedia formerly MiniDLNA before 1.3.1 allows a remote web server to exfiltrate media files...
ReadyMedia 安全漏洞
ReadyMedia formerly MiniDLNA is a set of media service software compatible with LNA/UPnP-AV clients. The software supports media files such as music, pictures, videos, etc. A security vulnerability in DNS exists in versions of ReadyMedia formerly MiniDLNA prior to 1.3.1, which stems from a DNS...
CVE-2022-26505
A DNS rebinding issue in ReadyMedia formerly MiniDLNA before 1.3.1 allows a remote web server to exfiltrate media files...
Rocky Linux 8 : gupnp (RLSA-2021:2363)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:2363 advisory. - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to...
Jenkins Git Plugin < 4.8.3 XSS
According to its its self-reported version number, the version of the Jenkins Git Plugin running on the remote web server is prior to 4.8.3. It is, therefore, affected by a cross-site scripting vulnerability due to it not escaping the Git SHA-1 checksum parameters provided to commit notifications...
PHP 7.3.x < 7.3.32 Privilege Escalation
According to its self-reported version number, the version of PHP running on the remote web server is 7.3.x priori to 7.3.32, 7.4.x prior to 7.4.25 or 8.0.x prior to 8.0.12. It is, therefore, affected by a privilege escalation vulnerability. The root FPM process can be forced to read/write at...
NewStart CGSL CORE 5.04 / MAIN 5.04 : gupnp Vulnerability (NS-SA-2021-0115)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has gupnp packages installed that are affected by a vulnerability: - An issue was discovered in GUPnP before 1.0.7 and 1.1.x and 1.2.x before 1.2.5. It allows DNS rebinding. A remote web server can exploit this vulnerability to...
PHP 8.0.x < 8.0.12 Privilege Escalation
According to its self-reported version number, the version of PHP running on the remote web server is 7.3.x priori to 7.3.32, 7.4.x prior to 7.4.25 or 8.0.x prior to 8.0.12. It is, therefore, affected by a privilege escalation vulnerability. The root FPM process can be forced to read/write at...
Jetty < 9.4.41 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities: - An issue with failure to invalidate sessions after an exception in t...
Jetty 10.0.x < 10.0.3 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities: - An issue with failure to invalidate sessions after an exception in t...
Jetty 11.0.x < 11.0.3 Multiple Vulnerabilities
According to its self-reported version number, the instance of Jetty hosted on the remote web server is prior to 9.4.41, 10.0.x prior to 10.0.3 or 11.0.x prior to 11.0.3. It is, therefore, affected by multiple vulnerabilities: - An issue with failure to invalidate sessions after an exception in t...