CrushFTP < 11.1.0 - Directory Traversal
Exploit Title: CrushFTP Directory Traversal Google Dork: N/A Date: 2024-04-30 Exploit Author: Abdualhadi khalifa https://twitter.com/absholily Vendor Homepage: https://www.crushftp.com/ Software Link: https://www.crushftp.com/download/ Version: below 10.7.1 and 11.1.0 as well as legacy 9.x Tested...
Exploit for Path Traversal in Apache Http_Server
CVE-2021-42013 Vulnerability Scanner This Python script check...
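Both traversal entries above come down to the same check: decode the request path completely, normalise it, and only then confirm it is still under the document root. The following is an added example in Python (not code from CrushFTP, Apache, or the scanner listed above); the document root `/var/www/html` and the request paths are constructed for illustration. It decodes to a fixed point, so the double-encoded `.%%32%65/` form from the CVE-2021-42013 entry and the single-encoded `.%2e/` form are both seen as `../` before the prefix check runs.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Assumed document root, constructed for this example.
WEB_ROOT = "/var/www/html"


def fully_decode(path: str, max_rounds: int = 3) -> str:
    """Percent-decode until the string stops changing.

    A single decode turns '.%%32%65/' into '.%2e/', not '../', so a filter
    that decodes once and then normalises sees no traversal.  Decoding to a
    fixed point closes that gap; max_rounds bounds the work on odd input.
    """
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def resolve_under_root(root: str, requested: str) -> Optional[str]:
    """Map a request path onto the filesystem, or return None if it escapes root.

    Order matters: decode, then normalise, then compare.  A prefix check done
    before normalisation would accept 'docs/../../etc/passwd'.
    """
    root = posixpath.normpath(root)
    decoded = fully_decode(requested)
    if "\x00" in decoded:
        return None  # an embedded NUL truncates the path in C-based servers
    decoded = decoded.replace("\\", "/")  # treat backslash as a separator too
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if candidate == root or candidate.startswith(root + "/"):
        return candidate
    return None


if __name__ == "__main__":
    for req in ("index.html", "docs/../index.html", ".%2e/.%2e/.%2e/etc/passwd",
                "cgi-bin/.%%32%65/.%%32%65/.%%32%65/etc/passwd"):
        print(f"{req!r:50} -> {resolve_under_root(WEB_ROOT, req)}")
```

The check is a whitelist on the final absolute path rather than a blacklist on `..` substrings; anything that normalises to a location outside the root is refused regardless of how it was encoded.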
Design/Logic Flaw
Mattermost fails to properly validate a RegExp built off the server URL path, allowing an attacker in control of an enrolled server to mount a Denial Of Service...
CVE-2023-5876
Mattermost security issue CVE-2023-5876: a RegExp built from the server URL path is not properly validated, allowing an attacker who controls an enrolled server to cause a Denial of Service. Descriptions across sources attribute this to Mattermost and note that the vulnerability affects Mattermost versions up to...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost versions 5.5.0 and earlier fail to properly validate a regular expression constructed from the server URL path, resulting in a denia...
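The three Mattermost entries above describe one bug shape: a string that the other party controls (the enrolled server's URL path) is interpolated into a regular expression. The following is an added example in Python, not Mattermost code (the client is JavaScript, where `RegExp` behaves the same way for this purpose); the `/api/v4/` suffix and the server paths are constructed for illustration. With `escape=False` the path goes in raw: an unbalanced parenthesis makes the pattern fail to compile, which in a client that does not catch the error is the crash, and a path such as `/.*` silently widens the match to every server. A path like `/(a+)+$` would compile but backtrack exponentially on a long request path, the other denial-of-service route; it is not executed here.

```python
import re
from typing import Optional

# Constructed API prefix for this example; the real routing is not shown on the page.
API_PREFIX = "/api/v4/"


def build_server_pattern(server_url_path: str, escape: bool = True) -> Optional[re.Pattern]:
    """Compile a pattern matching request paths under an enrolled server's base path.

    escape=True quotes every metacharacter so the path is matched literally.
    escape=False interpolates the attacker-controlled value raw, the shape of
    flaw the entries above describe.  Returns None if the pattern will not compile.
    """
    part = re.escape(server_url_path) if escape else server_url_path
    try:
        return re.compile("^" + part + re.escape(API_PREFIX))
    except re.error:
        return None


def is_request_for_server(server_url_path: str, request_path: str, escape: bool = True) -> bool:
    """True if request_path belongs to the enrolled server; raises if the pattern is unusable."""
    pattern = build_server_pattern(server_url_path, escape)
    if pattern is None:
        # A client that does not handle this is simply crashed by a hostile server path.
        raise ValueError(f"server path {server_url_path!r} produced an invalid pattern")
    return pattern.match(request_path) is not None


if __name__ == "__main__":
    print(build_server_pattern("/chat(", escape=False))                      # None: re.error
    print(build_server_pattern("/chat(").pattern)                            # ^/chat\(/api/v4/
    print(is_request_for_server("/.*", "/elsewhere/api/v4/users", escape=False))  # True (over-match)
    print(is_request_for_server("/.*", "/elsewhere/api/v4/users"))               # False
```

When the path only ever needs to be compared literally, the stronger fix is not to build a regular expression at all but to use `request_path.startswith(server_url_path + API_PREFIX)`; `re.escape` is the right tool only when the value must live inside a larger pattern.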
Workspace error "Unable to add account with the given server URL"
After adding the Gateway URL on Windows Workspace, we can see the error below: -------- Unable to add account with the given server URL. Ensure that it is correct or enter your email address --------...
CVE-2023-26466
A user with non-Admin access can change a configuration file on the client to modify the Server URL...
Default configuration
A user with non-Admin access can change a configuration file on the client to modify the Server URL...
CVE-2023-26466
CVE-2023-26466 concerns the Pegasystems PEGA Platform. A user with non-admin privileges can modify a client configuration file to change the Server URL, allowing the attacker to control which server the client talks to. The CVSS-derived impact is rated high across confidentiality, integrity, and availabili...
CVE-2023-0093
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need t...
CVE-2023-23943 Blind SSRF via server URL input in the Nextcloud Mail app
Nextcloud Mail is an email app for the Nextcloud home server platform. In affected versions the SMTP, IMAP and Sieve host fields allowed scanning for internal services and servers reachable from within the local network of the Nextcloud Server. It is recommended that the Nextcloud Mail app is...
TECSON/GOK SmartBox Authorization Issue Vulnerability
TECSON/GOK SmartBox is a family of electronic fuel tank management systems from TECSON/GOK, Germany. An authorization issue vulnerability exists in four products in the TECSON/GOK SmartBox family, which arises from a lack of fully implemented access control rules, which could allow a malicious us...
PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2
Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7 graphql-playground-react versions prior to 1.7.28 Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...
SUSE: Security Advisory (SUSE-SU-2019:3266-1)
The remote host is missing an update for the strongswan package(s) announced via SUSE-SU-2019:3266-1 (see the matching SUSE SLED12 / SLES12 entry below)...
CVE-2020-12608
An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...
SSRF when adding Jira server in admin plugin
Please be aware that Atlassian does not consider this issue to represent a security risk, as the functionality is restricted to users with administrative rights. Issue Summary: When adding a Jira server in Bamboo under the "User directories" module, an attacker can put any value in the...
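The Nextcloud Mail entry (CVE-2023-23943) and the Bamboo entry above are the same class: a host or URL typed into an admin form is used server-side to open a connection, so it can be pointed at loopback, RFC 1918 space, or a cloud metadata address. The following is an added example in Python, not code from Nextcloud or Atlassian, showing the validation a practitioner would put in front of such a field. DNS is replaced by a constructed lookup table (`FAKE_DNS`) so it runs offline; the hostnames and addresses in it are made up for the example. It refuses anything that is not provably a global address, unwraps IPv4-mapped IPv6 literals, and rejects a name if any of its records is non-public.

```python
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed stand-in for DNS so the example runs offline; no real lookups happen.
FAKE_DNS: Dict[str, List[str]] = {
    "imap.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "intranet.corp": ["10.0.0.5"],
    "rebind.attacker.test": ["93.184.216.34", "127.0.0.1"],  # one public, one loopback record
}

Resolver = Callable[[str], List[str]]


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


def extract_host(field: str) -> Optional[str]:
    """Pull the host out of 'host', 'host:port', '[v6]:port' or a full URL."""
    target = field if "://" in field else "//" + field
    try:
        return urlsplit(target).hostname  # lower-cased, brackets stripped
    except ValueError:
        return None


def is_public(ip_text: str) -> bool:
    """True only for globally routable addresses; loopback, private, link-local,
    shared, documentation and reserved ranges all fail is_global."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 is really 10.0.0.5
    return ip.is_global


def check_mail_host(field: str, resolver: Resolver = fake_resolver) -> Tuple[bool, str]:
    """Return (allowed, reason).  Anything not provably public is refused."""
    host = extract_host(field)
    if not host:
        return False, "no host in field"
    try:
        ipaddress.ip_address(host)
        addresses = [host]  # literal address: nothing to resolve
    except ValueError:
        addresses = resolver(host)  # hostname: look it up
    if not addresses:
        return False, f"{host!r} does not resolve"
    for addr in addresses:
        if not is_public(addr):
            return False, f"{host!r} maps to non-public address {addr}"
    return True, host


if __name__ == "__main__":
    for value in ("imap.example.com:993", "127.0.0.1", "[::ffff:10.0.0.5]:993",
                  "169.254.169.254", "intranet.corp", "rebind.attacker.test"):
        print(f"{value!r:28} -> {check_mail_host(value)}")
```

Validating the name is not the whole job: the connection that follows must go to the address that was validated (pin the resolved IP and pass it to the socket layer) rather than resolving the name a second time, otherwise a record that changes between the check and the connect still reaches the internal network.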
CVE-2018-1002102
Improper validation of URL redirection in the Kubernetes API server in versions prior to v1.14.0 allows an attacker-controlled Kubelet to redirect API server requests from streaming endpoints to arbitrary hosts. Impacted API servers will follow the redirect as a GET request with client-certificat...
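The Kubernetes entry above is a redirect-following problem: an authenticated request to one host is replayed, credentials and all, to whatever host the `Location` header names. The following is an added example in Python, not the Kubernetes patch, of the policy a client making authenticated upstream calls should apply: resolve the `Location` value against the original URL and follow it only if scheme, host and port are unchanged. The kubelet-style URLs and port numbers are constructed for illustration.

```python
from typing import Optional, Tuple
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> Tuple[str, Optional[str], Optional[int]]:
    """(scheme, host, effective port) so that 'https://h/' and 'https://h:443/' compare equal."""
    parts = urlsplit(url)
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme)
    return parts.scheme.lower(), parts.hostname, port


def redirect_allowed(original_url: str, location: str) -> bool:
    """Follow a redirect only if it stays on the original scheme, host and port.

    Relative Location values are resolved against the original URL, so a
    path-only redirect passes, while scheme-relative ('//other.example/...')
    and absolute redirects to another host, another port, or a downgraded
    scheme are refused.  Client certificates or bearer tokens therefore
    never travel to a host other than the one they were meant for.
    """
    target = urljoin(original_url, location)
    return origin(original_url) == origin(target)


def next_url(original_url: str, location: str) -> Optional[str]:
    """The URL the client may fetch next, or None when the redirect must be refused."""
    if redirect_allowed(original_url, location):
        return urljoin(original_url, location)
    return None


if __name__ == "__main__":
    # Constructed kubelet-style streaming URL for the example.
    src = "https://node1.example:10250/exec/ns/pod"
    for loc in ("/exec/ns/pod?cmd=ls", "//attacker.example/steal",
                "https://attacker.example/steal", "http://node1.example:10250/exec/ns/pod"):
        print(f"{loc!r:42} -> {next_url(src, loc)}")
```

A stricter variant for service-to-service calls is to not follow redirects at all and surface them as an error; the same-origin rule above is the least that should be enforced when following is required.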
SUSE SLED12 / SLES12 Security Update : strongswan (SUSE-SU-2019:3266-1)
This update for strongswan provides the following fixes. Security issues fixed: CVE-2018-5388: Fixed a buffer underflow which may allow a remote attacker with local user credentials to cause resource exhaustion and denial of service while reading from the socket (bsc#1094462). CVE-2018-10811: Fixed a...