PrivateBin Security Vulnerability

PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions prior to 1.7.4 that stems from exposing authentication tokens to the public without authentication, allowing anyone to break through restrictions imposed by a...

shescape 安全漏洞

Shescape is open source a simple shell escaping program package for JavaScript . Use it to escape user-controlled input to shell commands to prevent shell injection. A security vulnerability exists in versions of shescape prior to 1.7.4 that stems from escaping or referencing the wrong shell,...

CVE-2022-40725

PingID Desktop prior to the latest released version 1.7.4 contains a vulnerability that can be exploited to bypass the maximum PIN attempts permitted before the time-based lockout is activated...

SUSE CVE-2016-0779

The EjbObjectInputStream class in Apache TomEE before 1.7.4 and 7.x before 7.0.0-M3 allows remote attackers to execute arbitrary code via a crafted serialized object...

WordPress plugin Digital Publications by Supsystic 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

PT-2022-16769

Name of the Vulnerable Software and Affected Versions Open Web Analytics versions prior to 1.7.4 Description The issue allows an unauthenticated remote attacker to obtain sensitive user information, which can be used to gain admin privileges by leveraging cache hashes. This occurs because files...

Hashicorp HashiCorp Vault 信息泄露漏洞

HashiCorp HashiCorp Vault is a private key access management tool from HashiCorp Hashicorp, USA. An information disclosure vulnerability exists in HashiCorp Vault, which stems from a misconfiguration of the product's cache that causes the browser to incorrectly cache sensitive information about a...

AZL-41629 CVE-2018-1000217 affecting package libglvnd for versions less than 1.7.0-2

Dave Gamble cJSON version 1.7.3 and earlier contains a CWE-416: Use After Free vulnerability in cJSON library that can result in Possible crash, corruption of data or even RCE. This attack appear to be exploitable via Depends on how application uses cJSON library. If application provides network...

Inedo Otter Directory Traversal Vulnerability

Inedo Otter is a set of server monitoring and configuration software from Inedo, USA. The software displays the configuration status of the target server by providing a dynamic, visual interface. A directory traversal vulnerability exists in the file system's rafts in versions of Inedo Otter prio...

CVE-2017-15607

Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181...

Foreman Man-in-the-Middle Attack Vulnerability

Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides features such as service provisioning, configuration management, and status reporting. A security vulnerability exists in Foreman versions prior to 1.7.4, which stems from the program's failu...