CVE-2023-34149

CVE-2023-34149 describes a denial-of-service flaw in Apache Struts caused by a vulnerability in how setProperty() is handled compared to getProperty(). The issue affects Struts up to 2.5.30 and up to 6.1.2, with remediation available by upgrading to Struts 2.5.31 or 6.1.2.1 (or greater). IBM and ...

Apache Traffic Server (ATS) 8.x <= 8.1.6, 9.x <= 9.2.0 Multiple Vulnerabilities

Apache Traffic Server ATS is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

Debian DSA-5424-1 : php7.4 - security update

The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5424 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The...

Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution

Exploit Title: Anevia Flamingo XL 3.6.20 - Authenticated Root Remote Code Execution Exploit Author: LiquidWorm Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.20, 3.2.9 Hardware revision 1.1, 1.0 SoapLive 2.4.1, 2.0.3 SoapSystem 1.3.1 Summary: Flamingo XL, a new modula...

Apache NiFi vulnerable to Deserialization of Untrusted Data

The JndiJmsConnectionFactoryProvider Controller Service, along with the ConsumeJMS and PublishJMS Processors, in Apache NiFi 1.8.0 through 1.21.0 allow an authenticated and authorized user to configure URL and library properties that enable deserialization of untrusted data from a remote location...

CVE-2023-34468

CVE-2023-34468 affects Apache NiFi controllers: DBCPConnectionPool and HikariCPConnectionPool. Versions 0.0.2 through 1.21.0 allow an authenticated/authorized user to configure a Database URL using the H2 driver that enables custom code execution. The issue is mitigated by upgrading to NiFi 1.22....

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vendor: Ateme Product web page: https://www.ateme.com Affected version: 3.6.5 Hardware revision: 1.1 SoapLive 2.4.0 SoapSystem 1.3.1 Summary: Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and...

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution Vulnerability

Anevia Flamingo XS version 3.6.5 suffers from an authenticated remote code execution vulnerability. A remote attacker can exploit this issue and execute arbitrary system commands granting her system access with root privileges. Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution...

Anevia Flamingo XS 3.6.5 Authenticated Root Remote Code Execution

Summary Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected...

Anevia Flamingo XL/XS 3.6.x Default/Hard-coded Credentials

Summary Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected...

Anevia Flamingo XL 3.6.20 Authenticated Root Remote Code Execution

Summary Flamingo XL, a new modular and high-density IPTV head-end product for hospitality and corporate markets. Flamingo XL captures live TV and radio content from satellite, cable, digital terrestrial and analog sources before streaming it over IP networks to STBs, PCs or other IP-connected...

XSS-Exploitation-Tool - An XSS Exploitation Tool

XSS Exploitation Tool is a penetration testing tool that focuses on the exploit of Cross-Site Scripting vulnerabilities. This tool is only for educational purpose, do not use it against real environment Features Technical Data about victim browser Geolocation of the victim Snapshot of the...

CVE-2023-30576

Apache Guacamole 0.9.10 through 1.5.1 may continue to reference a freed RDP audio input buffer. Depending on timing, this may allow an attacker to execute arbitrary code with the privileges of the guacd process...

CVE-2023-32550 Landscape's Apache server-status is accessible by default

Landscape's server-status page exposed sensitive system information. This data leak included GET requests which contain information to attack and leak further information from the Landscape API...

Apache InLong Code Execution Vulnerability

Apache InLong is the United States Apache Apache Foundation's one-stop massive data integration framework. A code execution vulnerability exists in Apache InLong versions 1.4.0 through 1.6.0, which can be exploited by an attacker to execute arbitrary code on a system...

Security Bulletin: Due to the use of Apache spring-web, IBM ECM Content Management Interoperability Services (CMIS) is affected by remote code execution (RCE) security vulnerability CVE-2016-1000027

Summary IBM ECM Content Management Interoperability Services CMIS is affected by Apache spring-web security vulnerability CVE-2016-1000027 , affected, not vulnerable. Vulnerability Details CVEID:CVE-2016-1000027 DESCRIPTION: Pivota Spring Framework could allow a remote attacker to execute arbitra...

Apache JSPWiki vulnerable to cross-site scripting on several plugins

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later...

GHSA-QVQ8-CW7F-M7M4 Apache JSPWiki vulnerable to cross-site scripting on several plugins

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later...

CVE-2022-46907

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later...

Cross site scripting

A carefully crafted request on several JSPWiki plugins could trigger an XSS vulnerability on Apache JSPWiki, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.12.0 or later...