13 matches found
EUVD-2021-14681
Malware in sbrugna...
CVE-2025-23024 GLPI: Plugins are disabled accessing one page
GLPI is a free asset and IT management software package. Starting in version 0.72 and prior to version 10.0.18, an anonymous user can disable all the active plugins. Version 10.0.18 contains a patch. As a workaround, one may delete the install/update.php file...
CVE-2024-28865
django-wiki prior to 0.10.1 is affected by a Regular Expression Denial of Service (ReDoS) caused by crafted article content that can drive a pathological regex loop and exhaust server CPU. Root cause: vulnerable article-processing logic enabling CPU-intensive regex processing. Impact: potential d...
Ibexa User Settings are accessible on the front-end for anonymous user
Impact: This security advisory is about the user settings, which include things like preferred time zone and number of items per page in item listings. These could be accessed by the anonymous user. This impacted only the anonymous users themselves, and had no impact on logged in users. As such th...
Sensitive data exposure via /secure/QueryComponent!Default.jspa endpoint - CVE-2020-14179
Summary: Affected versions of Atlassian Jira Server and Data Center allow remote, unauthenticated attackers to view custom field names and custom SLA names via an Information Disclosure vulnerability in the /secure/QueryComponent!Default.jspa endpoint. Affected versions: version 8.5.8 8.6....
The vulnerability of the FTP server of the Internet Information Services network services on the XP-8741-Atom industrial controller allows a hacker to perform write operations on the root directory of the FTP server.
The vulnerability of the FTP server of the Internet Information Services network services on the XP-8741-Atom controller is due to deficiencies in the access restrictions for the anonymous user. Exploiting this vulnerability allows a malicious actor to perform write operations to the root directo...
389-ds-base: ACI readable by anonymous user
It was found that 389 Directory Server was vulnerable to a flaw in which the default ACI (Access Control Instructions) could be read by an anonymous user. This could lead to leakage of sensitive information...
MoinMoin: Group ACL bypass
Background: MoinMoin is a Python clone of WikiWiki, based on PikiPiki. Description: MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor. Impact: Restrictions on anonymous users were not properly...
moinmoin -- ACL group bypass
The moinmoin package contains two bugs with ACLs and anonymous users. Both bugs may permit anonymous users to gain access to administrative functions; for example the delete function. There is no known workaround; the vulnerability exists regardless of whether a site is using ACLs or not...
Pablo Software Solutions FTP Service 1.2 - Anonymous Users Privileges
Source: https://www.securityfocus.com/bid/7799/info An issue in Pablo FTP Service may make it possible for remote users to perform unauthorized actions. It has been reported that Pablo FTP Service does not sufficiently restrict...
CommuniGate Pro directory listings
Problem: An anonymous user can see the listing of the current and parent directory of CommuniGatePro WebUser directory. Vulnerable: All current versions of CommuniGatePro = 4.0b4 Details: You can get the listing of directory by accessing the...
Cisco Catalyst 3500 XL - Arbitrary Command Execution
Source: https://www.securityfocus.com/bid/1846/info A vulnerability exists in the webserver configuration interface which will allow an anonymous user to execute commands. An HTTP request which includes /exec and a known filename will reveal the...
nt4+sp4.wts.4.0.txt
Date: Wed, 9 Jun 1999 01:07:04 +0200 From: mRm3n4c3 To: [email protected] Subject: Bug in WTS 4.0 on WinNT 4.0 sp4 I have recently encountered what I believe to be a bug in NT security when using Windows Terminal Server 4.0 on NT 4.00.1381 Service Pack 4. The problem occurred in an environment...