22 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2021-27290

Malware in sbrugna...

CVSS 7.2 · AI score 6.9 · EPSS 0.09143
Exploits: 0 · References: 3

RedhatCVE
added 2025/05/23 8:34 a.m. · 3 views

CVE-2024-21117

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...

CVSS 5.3 · AI score 5.2 · EPSS 0.00128
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 1:18 a.m. · 4 views

CVE-2022-30118

Title for CVE: XSS in /dashboard/system/express/entities/forms/savecontrol/GUID: old browsers only. Description: When using Internet Explorer with the XSS protection disabled, editing a form control in an express entities form for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 can...

CVSS 6.1 · AI score 6.1 · EPSS 0.00654
Exploits: 0 · References: 1

OSV
added 2024/04/16 10:15 p.m. · 0 views

CVE-2024-21120

Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware component: Outside In Core. Supported versions that are affected are 8.5.6 and 8.5.7. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Outside In...

CVSS 5.3 · AI score 7.1
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/16 12:00 a.m. · 2 views

PT-2024-4912 · Oracle · Oracle Outside In Technology

Name of the Vulnerable Software and Affected Versions: Oracle Outside In Technology versions 8.5.6 through 8.5.7 Description: The issue exists due to insufficient input validation in the Outside In Core component of Oracle Outside In Technology. Exploitation can allow an attacker to impact the...

CVSS 5.3 · AI score 6.7 · EPSS 0.00094
Exploits: 0 · References: 5

Tenable Nessus
added 2024/03/29 12:00 a.m. · 36 views

Atlassian Confluence < 7.19.20 / 7.20.x < 8.5.7 (CONFSERVER-94843)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-94843 advisory. - Eclipse Jetty provides a web server and servlet container. In versions 11.0.0 through 11.0.15, 10.0.0 through 10.0.15, and 9.0.0 through 9.4.52, a...

CVSS 7.5 · AI score 7.2 · EPSS 0.01797
Exploits: 1 · References: 2

OpenVAS
added 2024/01/19 12:00 a.m. · 31 views

Apache Tomcat Information Disclosure Vulnerability (Jan 2024) - Linux

Apache Tomcat is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"...

CVSS 5.3 · AI score 5.5 · EPSS 0.70951
Exploits: 3 · References: 3

Positive Technologies
added 2023/08/21 12:00 a.m. · 2 views

PT-2023-4780 · Notepad++ · Notepad++

Name of the Vulnerable Software and Affected Versions: Notepad++ versions 8.5.6 and prior Description: The issue is related to a heap buffer read overflow in the FileManager::detectLanguageFromTextBegining function. This may potentially be used to leak internal memory allocation information. The...

CVSS 5.5 · AI score 5.5 · EPSS 0.00093
Exploits: 1 · References: 17

Tenable Nessus
added 2023/03/14 12:00 a.m. · 13 views

Atlassian Jira < 7.13.14 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.7. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers to access outgoing emails between a Jira instance and the SMTP...

CVSS 7.5 · AI score 6.5 · EPSS 0.00598
Exploits: 0 · References: 4

OSV
added 2022/06/25 12:00 a.m. · 24 views

GHSA-M2WW-6WV6-VW3C Cross site scripting in Concrete CMS

XSS in /dashboard/blocks/stacks/viewdetails/ - old browsers only. When using an older browser with built-in XSS protection disabled, insufficient sanitation where built urls are outputted can be exploited for Concrete 8.5.7 and below as well as Concrete 9.0 through 9.0.2 to allow XSS. This cannot...

CVSS 3.1 · AI score 6 · EPSS 0.00632
Exploits: 0 · References: 5

NVD
added 2021/11/19 7:15 p.m. · 11 views

CVE-2021-22951

Unauthorized individuals could view password protected files using viewinline in Concrete CMS (previously concrete 5) prior to version 8.5.7. Concrete CMS now checks to see if a file has a password in viewinline and, if it does, the file is not rendered. For version 8.5.6, the following mitigations...

CVSS 7.5 · EPSS 0.00314
Exploits: 0 · References: 2

CVE
added 2021/11/19 6:10 p.m. · 79 views

CVE-2021-22951

CVE-2021-22951 affects Concrete CMS (formerly concrete5) prior to 8.5.7. Unauthorized individuals could view password-protected files via the view_inline functionality, exposing protected content. The root cause was that view_inline could render a file even if it had a password. Mitigations imple...

CVSS 7.5 · AI score 7.6 · EPSS 0.00314
Exploits: 0 · References: 2 · Affected Software: 1

Prion
added 2020/09/17 1:15 a.m. · 26 views

Information disclosure

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...

CVSS 5 · AI score 5 · EPSS 0.92955
Exploits: 8 · References: 2 · Affected Software: 3

ATTACKERKB
added 2020/09/16 12:00 a.m. · 138 views

CVE-2020-14181

Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the /ViewUserHover.jspa endpoint. The affected versions are before version 7.13.6, from version 8.0.0 before 8.5.7, and from version 8.6.0...

CVSS 5.3 · AI score 4.8 · EPSS 0.92955
In wild · Exploits: 8 · References: 3

Cvelist
added 2020/07/13 4:45 a.m. · 18 views

CVE-2020-14174

Affected versions of Atlassian Jira Server and Data Center allow remote attackers to view titles of a private project via an Insecure Direct Object References (IDOR) vulnerability in the Administration Permission Helper. The affected versions are before version 7.13.6, from version 8.0.0 before...

AI score 4.6 · EPSS 0.00139
Exploits: 0 · References: 1

OSV
added 2020/07/01 2:15 a.m. · 1 views

CVE-2020-14168

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability...

CVSS 5.9 · AI score 6.3 · EPSS 0.00328
Exploits: 0 · References: 1

Prion
added 2020/07/01 2:15 a.m. · 15 views

Security feature bypass

The email client in Jira Server and Data Center before version 7.13.16, from 8.5.0 before 8.5.7, from 8.8.0 before 8.8.2, and from 8.9.0 before 8.9.1 allows remote attackers to access outgoing emails between a Jira instance and the SMTP server via man-in-the-middle (MITM) vulnerability...

CVSS 4.3 · AI score 5.6 · EPSS 0.00328
Exploits: 0 · References: 1 · Affected Software: 4

IBM Security Bulletins
added 2019/09/17 3:00 p.m. · 11 views

Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server shipped with IBM Business Monitor (CVE-2019-4268)

Summary IBM WebSphere Application Server is shipped as a component of Business Monitor. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Please consult the security bulletin File traversal...

CVSS 5.3 · AI score 2.9 · EPSS 0.00424
Exploits: 0 · Affected Software: 1

0day.today
added 2019/08/06 12:00 a.m. · 39 views

1CRM On-Premise Software 8.5.7 - Persistent Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications 1CRM On-Premise Software 8.5.7 Stored XSS Exploit Title: 1CRM On-Premise Software 8.5.7 - Cross-Site Scripting Date: 19/07/2019 Exploit Author: Kusol...

CVSS 3.5 · EPSS 0.00188
Exploits: 5

CNVD
added 2019/08/05 12:00 a.m. · 1 views

1CRM On-Premise Software Cross-Site Scripting Vulnerability

1CRM On-Premise Software is an on-premise software. A cross-site scripting vulnerability in 1CRM On-Premise Software version 8.5.7 can be exploited by an attacker to execute client-side code...

CVSS 5.4 · AI score 6.4 · EPSS 0.00188
Exploits: 5 · References: 1