Pegasystem Synchronization Engine Trust Management Issue Vulnerability
Pegasystem Synchronization Engine is a synchronization engine application from Pegasystem Corporation. A security vulnerability exists in Pegasystem Synchronization Engine versions 3.1.1 through 3.1.27, which can be exploited by a user with non-administrative access to change the configuration fi...
CVE-2022-39178
Webvendome - webvendome Internal Server IP Disclosure. Send GET Request to the request which is shown in the picture. Internal Server IP and Full path disclosure...
PT-2022-24792 · Unknown · Webvendome
Name of the Vulnerable Software and Affected Versions: Webvendome (affected versions not specified). Description: The issue concerns an internal server IP disclosure in Webvendome. It can be triggered by sending a GET request to a specific endpoint, although the exact endpoint is not specified in th...
h2: Remote Code Execution in Console
A flaw was found in h2. The org.h2.util.JdbcUtils.getConnection method of the H2 database takes as parameters the class name of the driver and URL of the database. This flaw allows an attacker to use this URL to send another server’s code, causing remote code execution. This issue is exploited...
CVE-2022-24654
Authenticated stored cross-site scripting (XSS) vulnerability in "Field Server Address" field in INTELBRAS ATA 200 Firmware 74.19.10.21 allows attackers to inject JavaScript code through a crafted payload...
Intelbras ATA 200 Cross-Site Scripting Vulnerability
Intelbras ATA 200 is a VOIP line adapter for analog telephones from Intelbras, Brazil. It is intended to be integrated between telephone systems. A security vulnerability exists in Intelbras ATA 200 version 74.19.10.21, which originates from the storage of cross-site scripting in the "Field Serve...
Cybele Software Thinfinity VirtualUI Information Disclosure Vulnerability
Cybele Software Thinfinity VirtualUI is a solution from Cybele Software, Inc. that supports embedding remote Windows applications into standard web applications to allow two-way interaction with Javascript programming. Cybele Software Thinfinity VirtualUI suffers from an information disclosure...
DEBIAN-CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
UBUNTU-CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
CVE-2021-40491
The ftp client in GNU Inetutils before 2.2 does not validate addresses returned by PASV/LSPV responses to make sure they match the server address. This is similar to CVE-2020-8284 for curl...
CVE-2021-34207
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field...
Cross site scripting
Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field...
Design/Logic Flaw
Due to the Asset Explorer agent not validating HTTPS certificates, an attacker on the network can statically configure their IP address to match the Asset Explorer's Server IP address. This will allow an attacker to send a NEWSCAN request to a listening agent on the network as well as receive the...
SAML: Getting "Your account cannot be added with this server address" error when accessing Citrix Access Gateway Vserver FQDN on Citrix Workspace
Users will see "Your account cannot be added with this server address" error when accessing Citrix Access Gateway Vserver FQDN on Citrix Workspace...
dnsmasq -- cache poisoning vulnerability in certain configurations
Simon Kelley reports: In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the random source port behavior was disabled, making cache poisoning attacks possible. This only affects configurations of the form...
Unauthorized Access Vulnerability in Lenovo Filez Enterprise Web Drive
Lenovo Filez Enterprise Web Disk is an enterprise file collaboration and management platform based on cloud storage. Lenovo Filez Enterprise Nethub has an unauthorized access vulnerability that can be exploited by an attacker to gain unauthorized access to the name of the enterprise, the address ...
Nextcloud Desktop Client Cross-Site Scripting Vulnerability
Nextcloud is a suite of client-server software for creating file hosting services and using them. Nextcloud Desktop Client is the Nextcloud desktop client. A cross-site scripting vulnerability exists in Nextcloud Desktop Client 2.6.4. An attacker can exploit this vulnerability via an invalid serve...