Lucene search
K

116 matches found

Tenable Nessus
Tenable Nessus
added 2024/12/23 12:0 a.m.28 views

Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities

The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.97, 10.1.0-M1 to 10.1.33 or 11.0.0-M1 to 11.0.1. It is, therefore, affected by multiple vulnerabilities : - The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users...

9.8CVSS9.1AI score0.43663EPSS
Exploits13References4
CNNVD
CNNVD
added 2024/11/16 12:0 a.m.4 views

WordPress plugin CSV to html 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue exists in...

9.9CVSS8.3AI score0.00478EPSS
Exploits0References1
CVE
CVE
added 2024/10/30 12:0 a.m.111 views

CVE-2024-48346

Affected software: xtreme1

6.1CVSS7AI score0.0022EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/10/30 12:0 a.m.9 views

PT-2024-33086 · Xtreme1 · Xtreme1

Name of the Vulnerable Software and Affected Versions: xtreme1 versions prior to 0.9.2 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability. It is triggered through the fileUrl parameter in the "/api/data/upload" API endpoint, allowing an attacker to make arbitrar...

6.1CVSS7AI score0.0022EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/30 12:0 a.m.12 views

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

7AI score0.0022EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/30 12:0 a.m.28 views

CVE-2024-48346

xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...

0.0022EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/30 12:0 a.m.17 views

CVE-2024-43382

Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...

6.9AI score0.00173EPSS
Exploits0References1
CVE
CVE
added 2024/10/30 12:0 a.m.281 views

CVE-2024-43382

CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...

5.9CVSS6.9AI score0.00173EPSS
Exploits0References1Affected Software1
Packet Storm
Packet Storm
added 2024/08/09 12:0 a.m.318 views

Exam Form Submission 1.0 Arbitrary File Upload

============================================================================================================================================= | Title : Exam Form Submission v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...

7.4AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.15 views

Meinberg LANTIME Arbitrary File Read (CVE-2018-10834)

Admin and info users were able to read data through the data upload mechanism to which only root users have access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/05/02 12:0 a.m.20 views

Meinberg LANTIME Arbitrary File Read (CVE-2018-10835)

Admin users were able to exchange web interface data through the data upload mechanism to which only root users have access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...

5.5AI score
Exploits0References2
CVE
CVE
added 2024/04/13 1:57 a.m.73 views

CVE-2024-3027

CVE-2024-3027 : The WordPress Smart Slider 3 plugin (all versions up to 3.5.1.22) contains a missing capability check in the upload function, allowing authenticated attackers with contributor-level access or higher to upload arbitrary files (including SVG). This can enable stored cross-site scrip...

6.4CVSS5.6AI score0.00337EPSS
Exploits0References2
Citrix
Citrix
added 2023/09/05 12:0 a.m.8 views

"502 Bad Gateway" error within Citrix Insight Services (CIS)

After logging in Citrix Insight Services site and clicking Tools-Upload Data, "502 Bad Gateway" error is shown as below...

7AI score
Exploits0
SUSE CVE
SUSE CVE
added 2023/02/15 4:11 a.m.3 views

SUSE CVE-2019-13033

In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...

3.3CVSS4.8AI score0.00365EPSS
Exploits0References3
Prion
Prion
added 2023/02/02 9:15 a.m.17 views

Security feature bypass

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9...

4.1CVSS7.8AI score0.00417EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/02/02 12:0 a.m.6 views

Trellix Data Loss Prevention 代码问题漏洞

Trellix Data Loss Prevention Trellix DLP is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic on all ports, protocols, etc. A security vulnerability exists in the Trellix Data Loss Prevention 11.9.x series of...

8.2CVSS7.8AI score0.00417EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/01 4:34 p.m.8 views

CVE-2023-0400

The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9...

5.9CVSS6.7AI score0.00417EPSS
Exploits0References1
OSV
OSV
added 2023/01/16 12:30 p.m.19 views

GHSA-79X5-CV79-49RJ Apache Superset is vulnerable to Cross-Site Scripting (XSS)

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

5.4CVSS5AI score0.01302EPSS
Exploits0References3
NVD
NVD
added 2023/01/16 11:15 a.m.51 views

CVE-2022-43718

Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...

5.4CVSS5.1AI score0.01302EPSS
Exploits0References1
Citrix
Citrix
added 2022/10/28 12:0 a.m.15 views

How to manually upload Telemetry data to CIS

This article explains the steps required when manually uploading the Telemetry data to CIS. Prerequisites V11.17.2 build 40000 license server or newer You must disable the automatic data upload before choosing to upload manually. Perform the following steps on your IT-managed/on-prem license serv...

7.2AI score
Exploits0
Rows per page
Query Builder