36 matches found
PT-2025-9096 · Rancher · Rancher
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.8.0 through 2.8.12 Rancher versions 2.9.0 through 2.9.6 Rancher versions 2.10.0 through 2.10.2 Description: A local user can impersonate other identities through SAML Authentication on first login due to an improper access...
CVE-2019-13343
Butor Portal before 1.0.27 is affected by a Path Traversal vulnerability leading to a pre-authentication arbitrary file download. Effectively, a remote anonymous user can download any file on servers running Butor Portal. WhiteLabelingServlet is responsible for this vulnerability. It does not...
CVE-2024-12449
CVE-2024-12449 affects the Video Share VOD – Turnkey Video Site Builder Script WordPress plugin. It is a Stored XSS in the videowhisper_player_html shortcode present in all versions up to 2.6.30 due to insufficient input sanitization and output escaping on user-supplied attributes. Exploitation r...
CVE-2024-11876 Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site <= 1.6.9 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Kredeum NFTs, the easiest way to sell your NFTs directly on your WordPress site plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'kredeumopensky' shortcode in all versions up to, and including, 1.6.9 due to insufficient input sanitization and output escaping ...
PT-2024-18352 · WordPress · Wpbakery
Name of the Vulnerable Software and Affected Versions: wpbakery plugin for WordPress versions up to, and including, 7.5 Description: The issue is related to Stored Cross-Site Scripting via the Post Title tag attribute due to insufficient input sanitization and output escaping. This allows...
Apple Safari security vulnerability
Apple Safari is a web browser from Apple Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. A security vulnerability exists in Apple Safari version 17.4, which originates from accessing the Private Browsing tab without authentication...
Sme.UP ERP 安全漏洞
Sme.UP ERP is a management software developed to meet the needs of customers by Sme.UP Italy. A security vulnerability exists in Sme.UP ERP TOKYO version V6R1M220406, which originates from the presence of an information disclosure vulnerability that can be exploited by an attacker to gain access ...
JSA10469 - Pre-authentication CGI script prints arbitrary contents of XML and ZIP files
Edit: 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Certain CGI scripts found on the appliance are accessible during pre-authentication. There is an issue that may allow access to arbitrary XML files or the contents of ZIP files on the...
CVE-2022-37316
Archer Platform 6.8 before 6.11 P3 6.11.0.3 contains an improper API access control vulnerability in a multi-instance system that could potentially present unauthorized metadata to an authenticated user of the affected system. 6.10 P3 HF1 6.10.0.3.1 is also a fixed release...
PT-2022-23731 · Veritas · Veritas Netbackup
Name of the Vulnerable Software and Affected Versions: Veritas NetBackup versions 8.1.x through 8.1.2 Veritas NetBackup version 8.2 Veritas NetBackup versions 8.3.x through 8.3.0.2 Veritas NetBackup versions 9.x through 9.0.0.1 Veritas NetBackup versions 9.1.x through 9.1.0.1 Description: An issu...
F5 BIG-IP APM Edge Client for Windows has an unspecified vulnerability
F5 BIG-IP APM Edge Client for Windows is a client-side access control authentication access client application from F5. A security vulnerability exists in F5 BIG-IP APM Edge Client for Windows, which can be exploited by attackers to obtain privilege escalation on client Windows systems...
CVE-2020-10709
A security flaw was found in Ansible Tower when requesting an OAuth2 token with an OAuth2 application. Ansible Tower uses the token to provide authentication. This flaw allows an attacker to obtain a refresh token that does not expire. The original token granted to the user still has access to...
Network, Netgear routers are exposed to severe DNS vulnerability,vulnerable to hacking-vulnerability warning-the black bar safety net
! Recently, the network device Netgear routers is found that there is a serious DNS vulnerability, at present, the network member has not yet patched the published vulnerabilities, which allow attackers to tamper with the affected router's DNS settings, it will affect its router security, estimat...
Y-Cam information leakage vulnerability in various products
Y-Cam camera is a wireless network security surveillance camera system from Y-cam. An information disclosure vulnerability exists in several Y-Cam products, allowing remote attackers to authenticate and obtain sensitive information via a leading "/ /" to en/account/acceditasp request...
CVE-2003-0639
Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allows users to access restricted or secure pages without authentication...
Microsoft SQL Server installation process leaves sensitive information on system
Overview Microsoft SQL server versions 7.0 and 2000, as well as MSDE 1.0, may leave installation and log files on the server after the installation process is complete. These files may contain senstitive information such as passwords used during the install. Users with authenticated access to the...