174 matches found
FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. - Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17937)
Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to execute a...
Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17936)
Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has an input validation error vulnerability that can be exploited by an attacker to update the cron API usi...
Siemens Location Intelligence Uses Hard-Coded Credentials Vulnerability
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a Use Hardcoded Credentials vulnerability that can be exploited by an attacke...
Siemens Location Intelligence Perpetual 信任管理问题漏洞
Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a Use Hardcoded Credentials vulnerability that can be exploited by an attacke...
Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97253)
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...
Siemens SINEC INS Denial of Service Vulnerability
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...
Simple Student Information System SQL Injection Vulnerability
Simple Student Information System is a web-based application platform by Carlo Montero, an individual developer. It can help a university or college to manage student information and academic records. A SQL injection vulnerability exists in Simple Student Information System version 1.0, which ste...
Simple Student Information System SQL Injection Vulnerability
Simple Student Information System is a web-based application platform by Carlo Montero, an individual developer. It can help a university or college to manage student information and academic records. A SQL injection vulnerability exists in Simple Student Information System version 1.0, which ste...
CVE-2023-45823
CVE-2023-45823 affects Artifact Hub. A bug allowed reading arbitrary files when processing git-based repositories loaded into Artifact Hub, due to insufficient validation of symbolic links in certain repositories. The root cause is lack of validation of symbolic links during repository cloning/pr...
CVE-2023-45823 Arbitrary file read in Artifact Hub
Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...
CVE-2023-45821
Artifact Hub (artifacthub.io) has a vulnerability in the registryIsDockerHub check where the code only inspects the registry domain ending with docker.io, enabling credential hijacking by using a fake OCI registry on a domain that ends with docker.io. The issue affects how Docker credentials used...
Path traversal
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
CVE-2023-32315
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
CVE-2023-32315 Openfire administration console authentication bypass
Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...
Openfire administration console authentication bypass
[email protected] reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configure...
JetBrains Hub 代码问题漏洞
JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A code issue vulnerability exists in versions of JetBrains Hub prior to 2023.1.15725, which stems from a lack of server request forgery protecti...
Siemens SINEC INS Command Injection Vulnerability
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks.A command injection vulnerability exists in Siemens SINEC INS, which...
Siemens SINEC NMS 路径遍历漏洞
SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks.A path traversal vulnerability exists in Siemens SINEC INS, which...
Student Information System 安全漏洞
Student Information System is a web-based application platform by Carlo Montero, a personal developer. It can help a university or college to manage student information and academic records. A security vulnerability exists in Student Information System versions prior to 2.1.11. No information abo...