Lucene search
K

15 matches found

Packet Storm
Packet Storm
added 2026/02/17 12:0 a.m.170 views

📄 Extensis Portfolio Manager 4.0.1 Shell Upload

This Metasploit module exploits multiple vulnerabilities in Extensis Portfolio Server to achieve remote code execution. It leverages CVE-2022-24251 and related issues to upload a JSP webshell and execute arbitrary commands. Version 4.0.1 is affected...

8.8CVSS6.4AI score0.01608EPSS
Exploits2
OSV
OSV
added 2024/05/30 3:33 p.m.9 views

GHSA-29M4-MX89-3MJG TYPO3 Denial of Service in Online Media Asset Handling

Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

5.3CVSS7AI score
Exploits0References4
Code423n4
Code423n4
added 2023/12/21 12:0 a.m.16 views

Error prone and complex code

Lines of code Vulnerability details Used function is error prone and complex that leads to incorrect asset handling so have suggested below maxHeapify implementation. function maxHeapifyuint256 pos internal uint256 left = 2 pos + 1; uint256 right = 2 pos + 2; uint256 largest = pos; if left...

7AI score
Exploits0
OSV
OSV
added 2022/09/27 11:15 p.m.13 views

CVE-2022-40816

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be...

6.5CVSS6.2AI score
Exploits0References1
Cvelist
Cvelist
added 2022/09/27 3:27 p.m.25 views

CVE-2022-40816

Zammad 5.2.1 is vulnerable to Incorrect Access Control. Zammad's asset handling mechanism has logic to ensure that customer users are not able to see personal information of other users. This logic was not effective when used through a web socket connection, so that a logged-in attacker would be...

6.2AI score0.00652EPSS
Exploits0References1
CVE
CVE
added 2022/09/27 3:27 p.m.222 views

CVE-2022-40816

Zammad 5.2.1 is affected by an Incorrect Access Control flaw where the asset handling logic fails over WebSocket connections, allowing an authenticated attacker to query the Zammad API and fetch other users’ personal data. The issue manifests when access control checks are bypassed through the we...

6.5CVSS6AI score0.00652EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/09/27 12:0 a.m.7 views

PT-2022-25553 · Zammad · Zammad

Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.1 Description: The issue concerns Incorrect Access Control in Zammad's asset handling mechanism. This mechanism is designed to prevent customer users from accessing personal information of other users. However, the logic wa...

6.5CVSS6.3AI score0.00652EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2022/03/18 5:53 p.m.24 views

Information Exposure in Apache Tapestry

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to...

7.5CVSS3.5AI score0.06559EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/04/27 7:15 p.m.19 views

CVE-2021-30638

Information Exposure vulnerability in context asset handling of Apache Tapestry allows an attacker to download files inside WEB-INF if using a specially-constructed URL. This was caused by an incomplete fix for CVE-2020-13953. This issue affects Apache Tapestry Apache Tapestry 5.4.0 version to...

7.5CVSS6.7AI score
Exploits0References4
OSV
OSV
added 2020/05/13 4:29 p.m.7 views

GHSA-PX9H-X66R-8MPC path traversal in Jooby

Impact Access to sensitive information available from classpath. Patches Patched version: 1.6.7 and 2.8.2 Commit 1.x: https://github.com/jooby-project/jooby/commit/34f526028e6cd0652125baa33936ffb6a8a4a009 Commit 2.x:...

5.3CVSS6.1AI score0.01554EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2018/12/17 12:0 a.m.9 views

FreeBSD : typo3 -- multiple vulnerabilities (bab29816-ff93-11e8-b05b-00e04c1ea73d)

Typo3 core team reports : CKEditor 4.11 fixes an XSS vulnerability in the HTML parser reported by maxarr. The vulnerability stemmed from the fact that it was possible to execute XSS inside the CKEditor source area after persuading the victim to: i switch CKEditor to source mode, then ii paste a...

4.8AI score
Exploits0References2
Friends Of PHP
Friends Of PHP
added 2018/12/11 9:56 a.m.13 views

Denial of Service in Online Media Asset Handling

More info at https://typo3.org/security/advisory/typo3-core-sa-2018-011...

7.2AI score
Exploits0Affected Software1
Typo3
Typo3
added 2018/12/11 12:0 a.m.10 views

Denial of Service in Online Media Asset Handling

Online Media Asset Handling .youtube and .vimeo files in the TYPO3 backend is vulnerable to denial of service. Putting large files with according file extensions results in high consumption of system resources. This can lead to exceeding limits of the current PHP process which results in a...

6.6AI score
Exploits0Affected Software1
CVE
CVE
added 2015/08/16 11:0 p.m.55 views

CVE-2015-5766

CVE-2015-5766 concerns Apple iOS prior to 8.4.1, where a directory traversal issue in the Air Traffic component allowed access to arbitrary filesystem locations via vectors related to asset handling. The root cause is a path/asset handling validation weakness within Air Traffic, enabling potentia...

5CVSS5.7AI score0.02074EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2015/08/16 11:0 p.m.18 views

CVE-2015-5766

Directory traversal vulnerability in Air Traffic in Apple iOS before 8.4.1 allows attackers to access arbitrary filesystem locations via vectors related to asset handling...

5.7AI score0.02074EPSS
Exploits0References4
Rows per page
Query Builder