8 matches found
CVE-2026-29179
October is a Content Management System CMS and web platform. Prior to 3.7.16 and 4.1.16, fine-grained sub-permission checks for asset and blueprint file operations were not enforced in the CMS and Tailor editor extensions. This only affects backend users who were explicitly granted editor access...
EUVD-2013-0481
Malware in sbrugna...
EUVD-2018-18630
Malware in sbrugna...
CVE-2021-20080
Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting XSS attacks by uploading a crafted XML asset file...
Remote Code Execution
tapestry-core is vulnerable to remote code execution. Access to the classpath asset files is not restricted, allowing an attacker to guess the path to a known file in the classpath and retrieve the contents. It can also potentially allow the attacker to perform a Java serialization attack if the...
CVE-2018-6885
An issue was discovered in MicroStrategy Web Services the Microsoft Office plugin before 10.4 Hotfix 7, and before 10.11. The vulnerability is unauthenticated and leads to access to the asset files with the MicroStrategy user privileges. This includes the credentials to access the admin dashboard...
Cross site request forgery (csrf)
HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files...
CVE-2013-0470
HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files...