Lucene search
+L

174 matches found

Tenable Nessus
Tenable Nessus
added 2024/05/22 12:0 a.m.36 views

FreeBSD : Openfire administration console authentication bypass (9bcff2c4-1779-11ef-b489-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 9bcff2c4-1779-11ef-b489-b42e991fc52e advisory. - Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative...

8.6CVSS8AI score0.99999EPSS
Exploits15References3
CNVD
CNVD
added 2024/04/11 12:0 a.m.20 views

Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17937)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin suffers from an input validation error vulnerability that can be exploited by an attacker to execute a...

6.5CVSS7AI score0.01784EPSS
Exploits0References1
CNVD
CNVD
added 2024/04/11 12:0 a.m.17 views

Apache Zeppelin Input Validation Error Vulnerability (CNVD-2024-17936)

Apache Zeppelin is a Web-based open source laptop application from the Apache USA Foundation. The program supports interactive data analysis and collaborative documentation. Apache Zeppelin has an input validation error vulnerability that can be exploited by an attacker to update the cron API usi...

6.5CVSS6.9AI score0.01723EPSS
Exploits0References1
CNVD
CNVD
added 2024/02/21 12:0 a.m.19 views

Siemens Location Intelligence Uses Hard-Coded Credentials Vulnerability

Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a Use Hardcoded Credentials vulnerability that can be exploited by an attacke...

9.8CVSS7.1AI score0.00733EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/02/13 12:0 a.m.8 views

Siemens Location Intelligence Perpetual 信任管理问题漏洞

Location Intelligence is a web-based application that creates transparency in production and logistics processes based on location data, thus uncovering optimization potential. Siemens Location Intelligence suffers from a Use Hardcoded Credentials vulnerability that can be exploited by an attacke...

9.8CVSS7AI score0.00733EPSS
Exploits0References2
CNVD
CNVD
added 2023/12/13 12:0 a.m.56 views

Siemens SINEC INS Denial of Service Vulnerability (CNVD-2023-97253)

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...

2.7CVSS6.8AI score0.00585EPSS
Exploits0References1
CNVD
CNVD
added 2023/12/13 12:0 a.m.31 views

Siemens SINEC INS Denial of Service Vulnerability

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in one tool. This simplifies the installation and management of all network services associated with industrial networks. A denial of service vulnerability exists in Siemens SINEC INS, whic...

2.7CVSS6.8AI score0.00585EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/11/02 12:0 a.m.7 views

Simple Student Information System SQL Injection Vulnerability

Simple Student Information System is a web-based application platform by Carlo Montero, an individual developer. It can help a university or college to manage student information and academic records. A SQL injection vulnerability exists in Simple Student Information System version 1.0, which ste...

7.5CVSS8.1AI score0.00533EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/11/02 12:0 a.m.5 views

Simple Student Information System SQL Injection Vulnerability

Simple Student Information System is a web-based application platform by Carlo Montero, an individual developer. It can help a university or college to manage student information and academic records. A SQL injection vulnerability exists in Simple Student Information System version 1.0, which ste...

7.5CVSS8.1AI score0.00562EPSS
Exploits1References4
CVE
CVE
added 2023/10/19 8:53 p.m.94 views

CVE-2023-45823

CVE-2023-45823 affects Artifact Hub. A bug allowed reading arbitrary files when processing git-based repositories loaded into Artifact Hub, due to insufficient validation of symbolic links in certain repositories. The root cause is lack of validation of symbolic links during repository cloning/pr...

7.5CVSS7.5AI score0.00631EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/10/19 8:53 p.m.33 views

CVE-2023-45823 Arbitrary file read in Artifact Hub

Artifact Hub is a web-based application that enables finding, installing, and publishing packages and configurations for CNCF projects. During a security audit of Artifact Hub's code base a security researcher identified a bug in which by using symbolic links in certain kinds of repositories load...

7.5CVSS7.5AI score0.00631EPSS
Exploits0References4
CVE
CVE
added 2023/10/19 8:53 p.m.66 views

CVE-2023-45821

Artifact Hub (artifacthub.io) has a vulnerability in the registryIsDockerHub check where the code only inspects the registry domain ending with docker.io, enabling credential hijacking by using a fake OCI registry on a domain that ends with docker.io. The issue affects how Docker credentials used...

6.3CVSS6AI score0.00206EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/05/26 11:15 p.m.28 views

Path traversal

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

5CVSS7.6AI score0.99999EPSS
Exploits15References2Affected Software1
AlpineLinux
AlpineLinux
added 2023/05/26 10:33 p.m.48 views

CVE-2023-32315

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

8.6CVSS8.3AI score0.99999EPSS
Exploits15
Cvelist
Cvelist
added 2023/05/26 10:33 p.m.44 views

CVE-2023-32315 Openfire administration console authentication bypass

Openfire is an XMPP server licensed under the Open Source Apache License. Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup...

8.6CVSS8.7AI score0.99999EPSS
Exploits15References2
FreeBSD
FreeBSD
added 2023/05/26 12:0 a.m.30 views

Openfire administration console authentication bypass

[email protected] reports: Openfire's administrative console, a web-based application, was found to be vulnerable to a path traversal attack via the setup environment. This permitted an unauthenticated user to use the unauthenticated Openfire Setup Environment in an already configure...

8.6CVSS7.3AI score0.99999EPSS
Exploits15References1
CNNVD
CNNVD
added 2023/04/24 12:0 a.m.7 views

JetBrains Hub 代码问题漏洞

JetBrains Hub is a web-based application from the Czech company JetBrains. The program is capable of integrating multiple JetBrains team tools together. A code issue vulnerability exists in versions of JetBrains Hub prior to 2023.1.15725, which stems from a lack of server request forgery protecti...

9.8CVSS8.4AI score0.00482EPSS
Exploits0References2
CNVD
CNVD
added 2023/01/13 12:0 a.m.49 views

Siemens SINEC INS Command Injection Vulnerability

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks.A command injection vulnerability exists in Siemens SINEC INS, which...

8.8CVSS3.7AI score0.01382EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/01/10 12:0 a.m.5 views

Siemens SINEC NMS 路径遍历漏洞

SINEC INS Infrastructure Network Services is a web-based application that combines various network services in a single tool. This simplifies the installation and management of all network services related to industrial networks.A path traversal vulnerability exists in Siemens SINEC INS, which...

8.8CVSS7.9AI score0.01174EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/12/02 12:0 a.m.8 views

Student Information System 安全漏洞

Student Information System is a web-based application platform by Carlo Montero, a personal developer. It can help a university or college to manage student information and academic records. A security vulnerability exists in Student Information System versions prior to 2.1.11. No information abo...

8.8CVSS7.9AI score0.00656EPSS
Exploits0References2
Rows per page
Query Builder