232 matches found
PT-2023-31636 · Jenkins · Jenkins Nexus Platform Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nexus Platform Plugin versions 3.18.0-03 and earlier. Description: The issue is related to missing permission checks in the Jenkins Nexus Platform Plugin, allowing attackers with Overall/Read permission to send an HTTP request to an...
Jenkins Nexus Platform Plugin Security Vulnerability
Jenkins and Jenkins Plugin are both Jenkins open source products. Jenkins is a software application. An open source automation server, Jenkins provides hundreds of plugins to support building, deploying, and automating any project. Jenkins Plugin is a software application. A security vulnerability...
Adobe RoboHelp Server Path Traversal Vulnerability
Adobe RoboHelp Server is a server-based application for FrameMaker and RoboHelp enterprise users. A path traversal vulnerability exists in Adobe RoboHelp Server, which can be exploited by an attacker to execute arbitrary code on the system by sending a specially crafted URL request that contains...
CVE-2023-45809
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...
CVE-2023-45809 Disclosure of user names via admin bulk action views in wagtail
Wagtail is an open source content management system built on Django. A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any change...
Wagtail vulnerable to disclosure of user names via admin bulk action views
Impact: A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bulk actions on user accounts. While authentication rules prevent the user from making any changes, the error message discloses the display names of user...
CVE-2022-33165
IBM Security Directory Server 6.4.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 228582...
CVE-2023-43044
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 266893...
CVE-2023-43044 IBM License Metric Tool directory traversal
IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 266893...
CVE-2023-40779
An issue in IceWarp Mail Server Deep Castle 2 v.13.0.1.2 allows a remote attacker to execute arbitrary code via a crafted request to the URL...
IBM Security Directory Server Directory Traversal Vulnerability
IBM Security Directory Server is a suite of enterprise identity management software from International Business Machines (IBM) that uses the Lightweight Directory Access Protocol (LDAP). The software provides a trusted identity data infrastructure for authentication. A directory traversal vulnerabili...
CVE-2022-33164
CVE-2022-33164 affects IBM Security Directory Server (7.2.0). A remote attacker could exploit a path traversal via /.. to view or write arbitrary files. IBM bulletin cites CVSS base 8.7 (CVE-2022-33164) and provides remediation: IBM Security Directory Server 6.4.0 interim fix 28, IBM Security Dir...
CVE-2023-35016
IBM Security Verify Governance, Identity Manager 10.0 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 257772...
Milesight UR32L Directory Traversal Vulnerability
The Milesight UR32L is a 4G industrial router from China's Milesight. The Milesight UR32L suffers from a directory traversal vulnerability that can be exploited by an attacker to view arbitrary files on the system by sending a specially crafted URL request containing a "dot dot" sequence /.../. /...
CVE-2023-25689
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 24761...
CVE-2023-25688 IBM Security Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 247606...
CVE-2023-25689 IBM Security Key Lifecycle Manager information disclosure
IBM Security Guardium Key Lifecycle Manager 3.0, 3.0.1, 4.0, 4.1, and 4.1.1 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 24761...
Design/Logic Flaw
IBM Financial Transaction Manager 3.2.0 through 3.2.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 192953...
CVE-2023-24960
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences /../ to view arbitrary files on the system. IBM X-Force ID: 246333...