8 matches found
CVE-2024-27138
UNSUPPORTED WHEN ASSIGNED Incorrect Authorization vulnerability in Apache Archiva. Apache Archiva has a setting to disable user registration, however this restriction can be bypassed. As Apache Archiva has been retired, we do not expect to release a version of Apache Archiva that fixes this issue...
Automattic: Captcha checker "pd-captcha_form_SURVEYID" cookie is accepting any value
Summary: Hi team, There is a Captcha protection feature on surveys and polls. If you captcha protection enabled survey, you will see this : F901789 When you solve captcha and click Submit Captcha, website sets a cookie like this : F901799 And if you delete this cookie and try access to survey, yo...
Privilege Escalation
sudo is vulnerable to privilege escalation vulnerability. sudo noexec restriction could have been bypassed if application run via sudo executed wordexp C library function with a user supplied argument which allow local users to inject arbitrary commands with elevated privileges...
CVE-2018-11142
The 'systemui/settingsnetwork.php' and 'systemui/settingspatching.php' scripts in the Quest KACE System Management Appliance 8.0.318 are accessible only from localhost. This restriction can be bypassed by modifying the 'Host' and 'XForwardedFor' HTTP headers in a POST request. An anonymous user c...
RHEL 6 / 7 : sudo (RHSA-2016:2872)
An update for sudo is now available for Red Hat Enterprise Linux 6 and Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...
CVE-2015-6711
The DoIdentityDialog method in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to bypass JavaScript API...
CVE-2014-9494
RabbitMQ before 3.4.0 allows remote attackers to bypass the loopbackusers restriction via a crafted X-Forwareded-For header...
Apache Struts < 2.2.0 - Remote Command Execution (Metasploit)
$Id: strutscodeexec.rb 13586 2011-08-19 05:59:32Z bannedit $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...