36 matches found
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function via the AdminService/StreamWorkflowReplicationMessages endpoint. An attacker can access replication streams and exfiltrate data by connecting to the frontend gRPC server without providing...
CVE-2019-18283
A vulnerability has been identified in SPPA-T3000 Application Server All versions Service Pack R8.2 SP2. The AdminService is available without authentication on the Application Server. An attacker can gain remote code execution by sending specifically crafted objects to one of its functions. Plea...
EUVD-2020-1441
Malware in sbrugna...
EUVD-2022-47716
Malicious code in bioql PyPI...
CVE-2022-44784
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...
CVE-2023-25570
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...
CVE-2023-25570 Apollo has potential access control security issue in eureka
Apollo is a configuration management system. Prior to version 2.1.0, there are potential security issues if users expose apollo-configservice to the internet, which is not recommended. This is because there is no authentication feature enabled for the built-in eureka service. Malicious hackers ma...
CVE-2022-44784
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...
Default configuration
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...
CVE-2022-44784
CVE-2022-44784 affects Maggioli Maggioli Appalti & Contratti 9.12.2, specifically the LFS and DL229 web applications that expose Axis 1.4 services embedded in the app. The Axis AdminService, intended for localhost only, can be reached remotely through the default configuration, enabling an attack...
CVE-2022-44784
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...
CVE-2022-44784
An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...
com.bbossgroups.pdp:bboss-pdp-adminservice (>=5.0.1.1 <=5.2.0), com.bbossgroups.pdp:bboss-pdp-fastwx (=5.0.1.2) +76 more potentially affected by CVE-2012-0213 via org.apache.poi:poi-scratchpad (>=3.0.1-FINAL <=3.10-FINAL)
org.apache.poi:poi-scratchpad MAVEN version =3.0.1-FINAL, =5.0.1.1, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2012-0213 Source advisory: OSV:GHSA-JQX5-H2HW-5Q4F...
Potential access control security issue in apollo-adminservice
Impact If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have built-in access control. Malicious hackers may access apollo-adminservice apis directly to access/edit...
GHSA-XPMX-H7XQ-XFFH Potential access control security issue in apollo-adminservice
Impact If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have built-in access control. Malicious hackers may access apollo-adminservice apis directly to access/edit...
CVE-2020-15170
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...
Design/Logic Flaw
apollo-adminservice before version 1.7.1 does not implement access controls. If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it doesn't have access control built-in. Maliciou...
CVE-2020-15170
CVE-2020-15170 affects apollo-adminservice prior to version 1.7.1, which does not implement access controls. Several trusted sources indicate that exposing apollo-adminservice to the Internet can allow direct access to APIs, enabling reading/editing of application configurations. The root cause i...
Improper Input Validation
apollo-adminservice does not implement access controls. If users expose apollo-adminservice to internetwhich is not recommended, there are potential security issues since apollo-adminservice is designed to work in intranet and it does not have access control built-in. Malicious hackers may access...
QRadar Community Edition 7.3.1.6 Server Side Request Forgery Vulnerability
QRadar Community Edition version 7.3.1.6 has an issue where the RssFeedItem class of the QRadar web application is used to fetch and parse RSS feeds. No validation is performed on the user-supplied RSS feed URL. Due to the lack of URL validation whitelisting, it is possible for authenticated...