22 matches found
CVE-2025-27092
GHOSTS is an open source user simulation framework for cyber experimentation, simulation, training, and exercise. A path traversal vulnerability was discovered in GHOSTS version 8.0.0.0 that allows an attacker to access files outside of the intended directory through the photo retrieval endpoint...
CVE-2025-27092
CVE-2025-27092 affects the GHOSTS framework. A path traversal flaw exists in the photo retrieval endpoint at /api/npcs/{id}/photo, where crafted photoLink values can cause directory traversal and expose files outside the intended photo directory. Affected versions are 8.0.0.0 up to 8.2.7.89. The ...
CVE-2022-2249
Privilege escalation related vulnerabilities were discovered in Avaya Aura Communication Manager that may allow local administrative users to escalate their privileges. This issue affects Communication Manager versions 8.0.0.0 through 8.1.3.3 and 10.1.0.0...
Security Bulletin: OpenSSL (Publicly disclosed vulnerability)
Summary IBM MobileFirst Platform Foundation has addressed the following vulnerability by updating the version of OpenSSL. Vulnerability Details CVEID: CVE-2021-4160 DESCRIPTION: OpenSSL could provide weaker than expected security, caused by a carry propagation flaw in the MIPS32 and MIPS64 squari...
CVE-2021-25653
A privilege escalation vulnerability was discovered in Avaya Aura Appliance Virtualization Platform Utilities AVPU that may potentially allow a local user to escalate privileges. Affects 8.0.0.0 through 8.1.3.1 versions of AVPU...
CVE-2021-25652
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities AVPU. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
CVE-2021-25652 Avaya Aura Appliance Virtualization Platform Utilities Sensitive Information Disclosure Vulnerability
An information disclosure vulnerability was discovered in the directory and file management of Avaya Aura Appliance Virtualization Platform Utilities AVPU. This vulnerability may potentially allow any local user to access system functionality and configuration information that should only be...
IBM HTTP Server 6.1.0.0 <= 6.1.0.47 / 7.0.0.0 < 7.0.0.39 / 8.0.0.0 < 8.0.0.12 / 8.5.0.0 < 8.5.5.7 HTTP Request Smuggling (533835)
The version of IBM HTTP Server running on the remote host is affected by an HTTP request smuggling vulnerability related to Apache HTTP Server. The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers t...
Security Bulletin: User Credentials submitted using GET method
Summary IBM Worklight/MobileFoundation has addressed the following vulnerability. User Credentials submitted using GET method Vulnerability Details CVEID: CVE-2020-4226 DESCRIPTION: IBM WorkLight stores highly sensitive information in URL parameters. This may lead to information disclosure if...
Azure File Sync Agent v8.0 Release – October 2019 (KB4511224)
Update for Azure File Sync agent version 8.0.0.0. For more details, see the associated Microsoft Knowledge Base article...
PT-2019-16922 · Ibm · Ibm Mq
Name of the Vulnerable Software and Affected Versions: IBM MQ versions 7.1.0.0 through 7.1.0.9 IBM MQ versions 7.5.0.0 through 7.5.0.9 IBM MQ versions 8.0.0.0 through 8.0.0.11 IBM MQ versions 9.0.0.0 through 9.0.0.6 IBM MQ versions 9.1.0.0 through 9.1.0.2 IBM MQ versions 9.1.1 through 9.1.2...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server April 2016 CPU (CVE-2016-3426, CVE-2016-3427) shipped with Tivoli Netcool Performance Manager
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed in the Oracle April 2016 Critical Patch Update, plus four additional vulnerabilities. These may affect some configurations of IBM...
Security Bulletin: Potential security vulnerability with IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2016-0360)
Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Potential security...
Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM PureApplication System (CVE-2016-0306)
Summary IBM WebSphere Application Server is shipped as a component of IBM PureApplication System. Information about a security vulnerability affecting IBM WebSphere Application Server has been published in a security bulletin. Vulnerability Details Consult the security bulletin Potential security...
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect WebSphere Application Server January 2016 CPU (CVE-2016-0475, CVE-2016-0466, CVE-2015-7575, CVE-2016-0448)
Summary There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition that is shipped with IBM WebSphere Application Server. These issues were disclosed as part of the IBM Java SDK updates in January 2016 and includes the vulnerability commonly referred to as "SLOTH". These may affect...
Security Bulletin: Multiple vulnerabilities in current IBM SDK for Java for WebSphere Application Server January 2014 CPU
Summary Multiple security vulnerabilities exist in the IBM SDK for Java that is shipped with IBM WebSphere Application Server Vulnerability Details The IBM WebSphere Application Server is shipped with an IBM SDK for Java that is based on the Oracle JDK. Oracle has released January 2014 critical...
Cross-site request forgery (CSRF)
Dell EMC Isilon OneFS versions between 8.1.0.0 - 8.1.0.1, 8.0.1.0 - 8.0.1.2, and 8.0.0.0 - 8.0.0.6, versions 7.2.1.x, and version 7.1.1.11 and 8.1.0.2 are affected by a cross-site request forgery vulnerability. A malicious user may potentially exploit this vulnerability to send unauthorized reques...
CVE-2017-10228
Vulnerability in the Oracle Hospitality Cruise Shipboard Property Management System component of Oracle Hospitality Applications subcomponent: Module. The supported version that is affected is 8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...