12 matches found
Exposure of Sensitive Information
Overview Affected versions of this package are vulnerable to Exposure of Sensitive Information via a brute force attack. An attacker can collect valid usernames by repeatedly attempting to authenticate with different usernames. Remediation Upgrade Umbraco.Cms to version 10.8.1, 12.3.4 or higher...
CVE-2022-38207
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim’s browser...
CVE-2022-38203
Protections against potential Server-Side Request Forgery SSRF vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeratio...
Esri Portal For ArcGis 安全漏洞
Esri Portal For ArcGis is a component from Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Portal for ArcGIS version 10.8.1 and earlier, which stems from the presence of an...
Esri Portal For ArcGis 跨站脚本漏洞
Esri Portal For ArcGis is a component of Esri, Inc. that allows maps, scenes, applications, and other geographic information to be shared with others within an organization. A security vulnerability exists in Esri Portal For ArcGis versions 10.8.1 and earlier, which stems from the presence of a...
PT-2022-9908 · Esri · Esri Arcreader
Name of the Vulnerable Software and Affected Versions: Esri ArcReader versions 10.8.1 and earlier Description: An out-of-bounds read issue exists when parsing a specially crafted file, allowing an unauthenticated attacker to induce an information disclosure issue in the context of the current use...
CVE-2022-22919
Adenza AxiomSL ControllerView through 10.8.1 allows redirection for SSO login URLs...
Vulnerabilities fixed in Esri ArcGIS Server
Esri has fixed vulnerabilities in ArcGIS Server. A malicious party could exploit the vulnerabilities to perform of a Same-Site Request Forgery SSRF or Cross-Site Scripting XSS attack. The latter can lead to the execution of arbitrary script code in the browser used to visit the application visite...
CVE-2021-29103
A reflected Cross Site Scripting XXS vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser...
CVE-2021-29101
ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system...
PT-2021-16751
Name of the Vulnerable Software and Affected Versions AdTran Personal Phone Manager version 10.8.1 Description The issue allows for exfiltration of data over DNS, potentially enabling exposed AdTran Personal Phone Manager web servers to be used as DNS redirectors to tunnel arbitrary data over DNS...
CVE-2018-0704
Directory traversal vulnerability in Cybozu Office 10.0.0 to 10.8.1 allows remote attackers to delete arbitrary files via Keitai Screen...