
232 matches found

Positive Technologies
added 2023/12/13 12:0 a.m. · 5 views

PT-2023-31636 · Jenkins · Jenkins Nexus Platform Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier
Description: The issue is related to missing permission checks in the Jenkins Nexus Platform Plugin, allowing attackers with Overall/Read permission to send an HTTP request to an...

CVSS 5.4 · AI score 5.4 · EPSS 0.0044
Exploits 0 · References 10
CNNVD
added 2023/12/13 12:0 a.m. · 3 views

Jenkins Nexus Platform Plugin Security Vulnerability

Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...

CVSS 5.4 · AI score 6.7 · EPSS 0.0044
Exploits 0 · References 4
CNVD
added 2023/11/21 12:0 a.m. · 24 views

Adobe RoboHelp Server Path Traversal Vulnerability

Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. A path traversal vulnerability exists in Adobe RoboHelp Server, which can be exploited by an attacker to execute arbitrary code on the system by sending a specially crafted URL request that contains...

CVSS 7.2 · AI score 7.2 · EPSS 0.01937
Exploits 0 · References 1
NVD
added 2023/10/19 7:15 p.m. · 22 views

CVE-2023-45809

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...

CVSS 2.7 · AI score 3.7 · EPSS 0.00454
Exploits 0 · References 2
Cvelist
added 2023/10/19 6:33 p.m. · 27 views

CVE-2023-45809 Disclosure of user names via admin bulk action views in wagtail

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...

CVSS 2.7 · AI score 4.1 · EPSS 0.00454
Exploits 0 · References 2
OSV
added 2023/10/19 6:33 p.m. · 17 views

CVE-2023-45809 Disclosure of user names via admin bulk action views in wagtail

Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...

CVSS 2.7 · AI score 4.4 · EPSS 0.00454
Exploits 0 · References 4
Github Security Blog
added 2023/10/19 3:50 p.m. · 41 views

Wagtail vulnerable to disclosure of user names via admin bulk action views

Impact: A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user...

CVSS 2.7 · AI score 6.9 · EPSS 0.00454
Exploits 0 · References 10 · Affected Software 1
NVD
added 2023/10/14 3:15 p.m. · 18 views

CVE-2022-33165

IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 228582...

CVSS 7.5 · AI score 6.8 · EPSS 0.01172
Exploits 0 · References 3
NVD
added 2023/09/28 6:15 p.m. · 18 views

CVE-2023-43044

IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 266893...

CVSS 7.5 · AI score 6.1 · EPSS 0.00816
Exploits 0 · References 2
Cvelist
added 2023/09/28 5:23 p.m. · 29 views

CVE-2023-43044 IBM License Metric Tool directory traversal

IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 266893...

CVSS 5.3 · AI score 7.3 · EPSS 0.00816
Exploits 0 · References 2
ATTACKERKB
added 2023/09/14 6:15 p.m. · 4 views

CVE-2023-40779

An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...

CVSS 6.1 · AI score 6.8 · EPSS 0.01355
Exploits 0 · References 4
CNVD
added 2023/09/12 12:0 a.m. · 21 views

IBM Security Directory Server Directory Traversal Vulnerability

IBM Security Directory Server is a suite of enterprise identity management software from International Business Machines IBM that uses the Lightweight Directory Access Protocol LDAP. The software provides a trusted identity data infrastructure for authentication. A directory traversal vulnerabili...

CVSS 9.1 · AI score 6.8 · EPSS 0.01476
Exploits 0 · References 1
CVE
added 2023/09/08 7:58 p.m. · 67 views

CVE-2022-33164

CVE-2022-33164 affects IBM Security Directory Server (7.2.0). A remote attacker could exploit a path traversal via /.. to view or write arbitrary files. IBM bulletin cites CVSS base 8.7 (CVE-2022-33164) and provides remediation: IBM Security Directory Server 6.4.0 interim fix 28, IBM Security Dir...

CVSS 9.1 · AI score 8.7 · EPSS 0.01476
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/07/31 1:15 a.m. · 12 views

CVE-2023-35016

IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257772...

CVSS 6.5 · AI score 6.6 · EPSS 0.00946
Exploits 0 · References 2
CNVD
added 2023/07/10 12:0 a.m. · 20 views

Milesight UR32L Directory Traversal Vulnerability

The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L suffers from a directory traversal vulnerability that can be exploited by an attacker to view arbitrary files on the system by sending a specially crafted URL request containing a "dot dot" sequence /.../. /...

CVSS 6.5 · AI score 6.9 · EPSS 0.01078
Exploits 1 · References 1
NVD
added 2023/03/21 3:15 p.m. · 13 views

CVE-2023-25689

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 24761...

CVSS 5.3 · AI score 4.9 · EPSS 0.0068
Exploits 0 · References 2
Cvelist
added 2023/03/21 3:1 p.m. · 17 views

CVE-2023-25688 IBM Security Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 247606...

CVSS 4.3 · AI score 5.3 · EPSS 0.00941
Exploits 0 · References 2
Cvelist
added 2023/03/21 2:49 p.m. · 16 views

CVE-2023-25689 IBM Security Key Lifecycle Manager information disclosure

IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 24761...

CVSS 2.7 · AI score 5.3 · EPSS 0.0068
Exploits 0 · References 2
Prion
added 2023/03/01 10:15 p.m. · 16 views

Design/Logic Flaw

IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 192953...

CVSS 5 · AI score 7.4 · EPSS 0.01019
Exploits 0 · References 2 · Affected Software 1
NVD
added 2023/02/17 7:15 p.m. · 15 views

CVE-2023-24960

IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 246333...

CVSS 7.5 · AI score 7.3 · EPSS 0.01406
Exploits 0 · References 2