141 matches found
PT-2025-5786 · Ibm · Ibm Applinx
Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
PT-2025-5785 · Ibm · Ibm Applinx
Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
PT-2025-5784 · Ibm · Ibm Applinx
Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
CVE-2024-44290
CVE-2024-44290 affects Apple platforms and is described as a location-privacy issue. The vulnerability is addressed in iOS 18.1, iPadOS 18.1, and watchOS 11.1; installing these updates resolves the issue. The public description indicates an app could determine a user’s current location. The CVSS ...
PT-2024-34494 · Ruijie · Ruijie Nbr800G
Name of the Vulnerable Software and Affected Versions: Ruijie NBR800G gateway version NBR RGOS 11.16B4P9 Description: The issue is a command execution vulnerability that occurs in the /itbox pi/networksafe.php endpoint via the province parameter. This allows for potential command execution...
PT-2024-29550 · Ibm · Ibm Cics Tx Standard
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Standard version 11.1 Description: The issue is related to cross-site request forgery, which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. This can let an...
CVE-2024-8149
There is a reflected Cross‑Site Scripting XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a remote, authenticated attacker with low‑privileged access to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
GitLab Enterprise Edition 安全漏洞
GitLab Enterprise Edition EE is a content management system from the American company GitLab. A security vulnerability exists in GitLab Enterprise Edition. An attacker exploited the vulnerability to allow account takeover by compromising the OAuth process. The following versions are affected:...
PT-2024-38851 · Ruijie · Ruijie Eg2000K
Name of the Vulnerable Software and Affected Versions: Ruijie EG2000K version 11.16B2 Description: A critical issue has been found, affecting unknown code of the file /tool/index.php?c=download&a=save. The manipulation of the content argument leads to unrestricted upload. The attack can be...
Palo Alto PAN-OS Command Execution / Arbitrary File Creation
Exploit Title: Palo Alto PAN-OS bool: ret = False uri = "/ssl-vpn/hipreport.esp" s = requests.Session r = "" headers = "User-Agent" : \ "Mozilla/5.0 Windows NT 10.0; Win64; x64 AppleWebKit/537.36 KHTML, like Gecko Chrome/118.0.0.0 Safari/537.36", Windows 10 Chrome 118.0.0.0 "Content-Type":...
CVE-2024-25697 Stored XSS in Portal for ArcGIS
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. The privileges required to execute...
PT-2024-21099 · Esri · Arcgis Enterprise Builder
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS Enterprise Web App Builder versions 11.1 and below Description: The issue is a stored Cross-site Scripting vulnerability that may allow a remote, authenticated attacker to create a crafted link stored in a web map link...
PT-2024-21090 · Esri · Esri Portal For Arcgis
Name of the Vulnerable Software and Affected Versions: Esri Portal for ArcGIS versions 11.1 and below Description: The issue allows a remote, unauthenticated attacker to create a crafted link that, when clicked, could render arbitrary HTML in the victim's browser. This is due to an HTML injection...
PT-2024-21102
Name of the Vulnerable Software and Affected Versions Esri Portal for ArcGIS Experience Builder versions 11.1 and below Description The issue allows a remote, unauthenticated attacker to create a crafted link which, when clicked, could potentially execute arbitrary JavaScript code in the victim’s...
CVE-2024-27254
IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server 10.5, 11.1, and 11.5 federated server is vulnerable to denial of service with a specially crafted query under certain conditions. IBM X-Force ID: 283813...
Mobatek MobaXterm 11.1 (CVE-2019-13475)
The version of Mobatek MobaXterm installed on the remote host is 11.1. It is, therefore, affected by a vulnerability as referenced in the CVE-2019-13475 advisory. - In MobaXterm 11.1, the mobaxterm: URI handler has an argument injection vulnerability that allows remote attackers to execute...
PT-2024-7393 · Mariadb Foundation · Mariadb
Name of the Vulnerable Software and Affected Versions: MariaDB version 11.1 Description: The issue in MariaDB is related to incorrect management of code generation in the lib mysqludf sys.so library, which can be exploited by an attacker to elevate privileges and execute arbitrary code. A remote...
CVE-2023-5118 Stored cross-site scripting vulnerability in Kofax Capture software
The application is vulnerable to Stored Cross-Site Scripting XSS in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious...
CVE-2023-5118 Stored cross-site scripting vulnerability in Kofax Capture software
The application is vulnerable to Stored Cross-Site Scripting XSS in the endpoint /sofer/DocumentService.asc/SaveAnnotation, where input data transmitted via the POST method in the parameters author and text are not adequately sanitized and validated. This allows for the injection of malicious...
PT-2023-7736 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to insufficient input validation, which can be exploited by a remote attacker to cause a denial of service with a...