44 matches found
CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...
CVE-2021-47691 Nagios XI < 5.8.2 Core Config Manager (CCM) XSS via Services Page
The Core Config Manager CCM in Nagios XI versions prior to CCM 3.1.1 / Nagios XI 5.8.2 contains multiple cross-site scripting XSS vulnerabilities via the Services page affecting the configname and servicedescription fields. Insufficient validation or escaping of user-supplied input may allow an...
CVE-2021-47691
The Nagios XI Core Config Manager (CCM) is affected by cross-site scripting (XSS) vulnerabilities in CCM prior to 3.1.1 and Nagios XI prior to 5.8.2. The issue arises from insufficient validation/escaping of user-supplied input in the Services page, specifically the config_name and service_descri...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI CCM versions prior to version 3.1.1 and Nagios XI version 5.8....
CVE-2021-37558
A SQL injection vulnerability in a MediaWiki script in Centreon before 20.04.14, 20.10.8, and 21.04.2 allows remote unauthenticated attackers to execute arbitrary SQL commands via the hostname and servicedescription parameters. The vulnerability can be exploited only when a valid Knowledge Base U...
CVE-2024-29736
A Server-side request forgery SSRF vulnerability was found in Apache CXF in the WADL service description. The flaw allows an attacker to perform SSRF-style attacks on REST web services. The attack only applies if a custom stylesheet parameter is configured. Mitigation Mitigation for this issue is...
cv.igrp:igrp-core (>=2.0.0.231123-RC1 <=2.0.0.250216-GA), net.n2oapp.framework.security:coverage (>=7.2.0 <=8.0.13) +111 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=4.0.0 <=4.0.4)
org.apache.cxf:cxf-rt-rs-service-description MAVEN version =4.0.0, =2.0.0.231123-RC1, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =7.2.0, =6.1.1, =4.0.0, =4.0.0, =4.0.0, =4.0.11 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...
GHSA-5M3J-PXH7-455P Apache CXF: SSRF vulnerability via WADL stylesheet parameter
A SSRF vulnerability in WADL service description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9 allows an attacker to perform SSRF style attacks on REST webservices. The attack only applies if a custom stylesheet parameter is configured...
com.craterdog.maven-parent-poms:java-web-service (>=3.11 <=3.22), com.devonfw.modules:devonfw-i18n (=2.4.0) +329 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=3.0.0-milestone1 <=3.5.8)
org.apache.cxf:cxf-rt-rs-service-description MAVEN version =3.0.0-milestone1, =3.11, =1.0.0, =3.0.0, =3.0.0, =3.0.0, =1.7.2.230613, =1.7.2.230622, =2.2.24.11, =2.2.10, =2.2.7, =2.2.9.1, =2.2.7, =2.2.7, =2.2.23.1 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...
io.hyte.platform:hyte-db (=4.4.6.hyte-24270), io.hyte.platform:hyte-mq (=4.4.6.hyte-24270) +23 more potentially affected by CVE-2024-29736 via org.apache.cxf:cxf-rt-rs-service-description (>=3.6.0 <=3.6.3)
org.apache.cxf:cxf-rt-rs-service-description MAVEN version =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.0, =3.6.11 and more Source cves: CVE-2024-29736 Source advisory: OSV:GHSA-5M3J-PXH7-455P...
CVE-2022-29474
On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, 13.1.x versions prior to 13.1.5, and all versions of 12.1.x and 11.6.x, a directory traversal vulnerability exists in iControl SOAP that allows an authenticated attacker with at...
GHSA-2C4W-2PX5-9X3X Apache Axis allows Exposure of Sensitive Information to an Unauthorized Actor
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message...
The vulnerability of the software used to implement the hypertext environment in the Centreon IT infrastructure monitoring software allows a hacker to execute arbitrary SQL commands.
The vulnerability of the software for implementing the hypertext environment in the Centreon IT infrastructure monitoring software is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary SQL commands...
Centreon SQL注入漏洞
Centreon Merethis Centreon is a set of open source system monitoring tools from the French company Centreon . The product provides monitoring capabilities for network, system and application resources. A security vulnerability exists in the Centreon MediaWiki script that could allow a remote,...
CVE-2018-8062
A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...
CVE-2018-8062
A cross-site scripting XSS vulnerability on Comtrend AR-5387un devices with A731-410JAZ-C04R02.A2pD035g.d23i firmware allows remote attackers to inject arbitrary web script or HTML via the Service Description parameter while creating a WAN service...
Whatportis - A Command To Search Port Names And numbers
It often happens that we need to find the default port number for a specific service, or what service is normally listening on a given port. Usage This tool allows you to find what port is associated with a service: $ whatportis redis...
CVE-2013-3862
Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager SCM, aka "Service Control Manager Double Free Vulnerability."...
Double free
Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager SCM, aka "Service Control Manager Double Free Vulnerability."...
CVE-2013-3862
Double free vulnerability in Microsoft Windows 7 and Server 2008 R2 SP1 allows local users to gain privileges via a crafted service description that is not properly handled by services.exe in the Service Control Manager SCM, aka "Service Control Manager Double Free Vulnerability."...