58 matches found
PT-2024-1547
Name of the Vulnerable Software and Affected Versions Fortinet FortiSIEM versions 6.4.0 through 6.4.2 Fortinet FortiSIEM versions 6.5.0 through 6.5.2 Fortinet FortiSIEM versions 6.6.0 through 6.6.3 Fortinet FortiSIEM versions 6.7.0 through 6.7.8 Fortinet FortiSIEM versions 7.0.0 through 7.0.2...
CVE-2023-50346 An information disclosure affects DRYiCE MyXalytics
HCL DRYiCE MyXalytics is impacted by an information disclosure vulnerability. Certain endpoints within the application disclose detailed file information...
Cross-site Scripting (XSS)
Overview org.craftercms:crafter-engine is a Crafter Content Delivery Engine. Affected versions of this package are vulnerable to Cross-site Scripting XSS via API endpoints that reflect some input parameter and do produce XML responses. An attacker can inject malicious scripts by sending crafted...
CVE-2022-41274
SAP Disclosure Management - version 10.1, allows an authenticated attacker to exploit certain misconfigured application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation can lead to the exposure of data like financial reports...
Open-Xchange OX App Suite 资源管理错误漏洞
Open-Xchange OX App Suite is an email and productivity suite client software from Open-Xchange Germany. A security vulnerability exists in Open-Xchange OX App Suite version 7.10.6 and earlier, which stems from insufficiently checking that request body sizes are reasonable for certain API endpoint...
PT-2022-5476 · Cisco · Cisco Email Security Appliance +1
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance affected versions not specified Cisco Secure Email and Web Manager affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker...
CVE-2022-40179
A vulnerability has been identified in Desigo PXM30-1 All versions V02.20.126.11-41, Desigo PXM30.E All versions V02.20.126.11-41, Desigo PXM40-1 All versions V02.20.126.11-41, Desigo PXM40.E All versions V02.20.126.11-41, Desigo PXM50-1 All versions V02.20.126.11-41, Desigo PXM50.E All versions...
Atlassian Bitbucket Server 安全漏洞
Atlassian Bitbucket Server is a Git code hosting solution from Atlassian Australia. The solution is capable of managing and reviewing code with features such as diff views, JIRA integration, and build integration.A command execution vulnerability exists in Atlassian Bitbucket Server and Data...
CVE-2022-29540
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...
Cross site scripting
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...
CVE-2022-29540
resi-calltrace in RESI Gemini-Net 4.2 is affected by Multiple XSS issues. Unauthenticated remote attackers can inject arbitrary web script or HTML into an HTTP GET parameter that reflects user input without sanitization. This exists on numerous application endpoints,...
GHSA-8572-5JRG-MX52 Exposure of Sensitive Information in Jenkins Core
Jenkins before 2.3 and LTS before 1.651.2 allow remote authenticated users with read access to obtain sensitive plugin installation information by leveraging missing permissions checks in unspecified XML/JSON API endpoints...
Information disclosure
SAP BusinessObjects Analysis edition for OLAP - versions 420, 430, allows an attacker to exploit certain application endpoints to read sensitive data. These endpoints are normally exposed over the network and successful exploitation could lead to exposure of some system specific data like its...
PT-2021-5380 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to insufficient protection of registration data in the disaster recovery feature of Cisco SD-WAN vManage Software. This could allow a remote...
PT-2020-19874 · Hashicorp +1 · Hashicorp Consul +2
Name of the Vulnerable Software and Affected Versions: HashiCorp Consul and Consul Enterprise versions 1.4.1 through 1.6.2 Description: The issue results from the non-uniform enforcement of Access Control Lists ACLs across all API endpoints, potentially leading to unintended information disclosur...
Cross site request forgery (csrf)
railsadmin ruby gem v1.1.1 is vulnerable to cross-site request forgery CSRF attacks. Non-GET methods were not validating CSRF tokens and, as a result, an attacker could hypothetically gain access to the application administrative endpoints exposed by the gem...
PT-2007-6476 · Unknown · Crs Manager
Name of the Vulnerable Software and Affected Versions: CRS Manager affected versions not specified Description: The issue concerns multiple PHP remote file inclusion vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary PHP code via a URL in the DOCUMENT ROOT paramete...
PT-2007-2274 · Atsphp · Atsphp
Name of the Vulnerable Software and Affected Versions: Atsphp version 5.0.1 Description: Multiple PHP remote file inclusion issues allow remote attackers to execute arbitrary PHP code via a URL in the CONFpath parameter to API endpoints such as "index.php", "sources/usercp.php", or...