116 matches found
Apache Tomcat 9.0.0-M1 < 9.0.98 Multiple Vulnerabilities
The version of Apache Tomcat installed on the remote host is 9.0.0-M1 to 9.0.97, 10.1.0-M1 to 10.1.33 or 11.0.0-M1 to 11.0.1. It is, therefore, affected by multiple vulnerabilities : - The previous mitigation for CVE-2024-50379 was incomplete. In addition to upgrading to 11.0.2 or later, users...
WordPress plugin CSV to html 代码问题漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue exists in...
CVE-2024-48346
Affected software: xtreme1
PT-2024-33086 · Xtreme1 · Xtreme1
Name of the Vulnerable Software and Affected Versions: xtreme1 versions prior to 0.9.2 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability. It is triggered through the fileUrl parameter in the "/api/data/upload" API endpoint, allowing an attacker to make arbitrar...
CVE-2024-48346
xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...
CVE-2024-48346
xtreme1 = v0.9.1 contains a Server-Side Request Forgery SSRF vulnerability in the /api/data/upload path. The vulnerability is triggered through the fileUrl parameter, which allows an attacker to make arbitrary requests to internal or external systems...
CVE-2024-43382
Snowflake JDBC driver versions = 3.2.6 and = 3.19.1 have an Incorrect Security Setting that can result in data being uploaded to an encrypted stage without the additional layer of protection provided by client side encryption...
CVE-2024-43382
CVE-2024-43382 affects Snowflake JDBC driver bug where versions 3.2.6–3.19.1 have an incorrect security setting that can allow data to be uploaded to an encrypted stage without the extra protection of client-side encryption. The root cause is an insufficient security configuration, potentially ex...
Exam Form Submission 1.0 Arbitrary File Upload
============================================================================================================================================= | Title : Exam Form Submission v1.0 Remote File Upload Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox...
Meinberg LANTIME Arbitrary File Read (CVE-2018-10834)
Admin and info users were able to read data through the data upload mechanism to which only root users have access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; if...
Meinberg LANTIME Arbitrary File Read (CVE-2018-10835)
Admin users were able to exchange web interface data through the data upload mechanism to which only root users have access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc...
CVE-2024-3027
CVE-2024-3027 : The WordPress Smart Slider 3 plugin (all versions up to 3.5.1.22) contains a missing capability check in the upload function, allowing authenticated attackers with contributor-level access or higher to upload arbitrary files (including SVG). This can enable stored cross-site scrip...
"502 Bad Gateway" error within Citrix Insight Services (CIS)
After logging in Citrix Insight Services site and clicking Tools-Upload Data, "502 Bad Gateway" error is shown as below...
SUSE CVE-2019-13033
In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload th...
Security feature bypass
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9...
Trellix Data Loss Prevention 代码问题漏洞
Trellix Data Loss Prevention Trellix DLP is a data loss prevention solution from American FireEye Trellix. It provides a comprehensive scan of inbound and outbound network traffic on all ports, protocols, etc. A security vulnerability exists in the Trellix Data Loss Prevention 11.9.x series of...
CVE-2023-0400
The protection bypass vulnerability in DLP for Windows 11.9.x is addressed in version 11.10.0. This allowed a local user to bypass DLP controls when uploading sensitive data from a mapped drive into a web email client. Loading from a local driver was correctly prevented. Versions prior to 11.9...
GHSA-79X5-CV79-49RJ Apache Superset is vulnerable to Cross-Site Scripting (XSS)
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
CVE-2022-43718
Upload data forms do not correctly render user input leading to possible XSS attack vectors that can be performed by authenticated users with database connection update permissions. This issue affects Apache Superset version 1.5.2 and prior versions and version 2.0.0...
How to manually upload Telemetry data to CIS
This article explains the steps required when manually uploading the Telemetry data to CIS. Prerequisites V11.17.2 build 40000 license server or newer You must disable the automatic data upload before choosing to upload manually. Perform the following steps on your IT-managed/on-prem license serv...