18 matches found
EUVD-2022-37576
Malicious code in bioql PyPI...
EUVD-2022-0434
Malicious code in bioql PyPI...
BIT-NIFI-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
CVE-2023-3031
Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15...
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
CVE-2024-1908
An Improper Privilege Management vulnerability was identified in GitHub Enterprise Server that allowed an attacker to use the Enterprise Actions GitHub Connect download token to fetch private repository data. An attacker would require an account on the server instance with non-default settings fo...
PT-2024-18414
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.12; GitHub Enterprise Server versions 3.8.15 and earlier; GitHub Enterprise Server versions 3.9.10 and earlier; GitHub Enterprise Server versions 3.10.7 and earlier; GitHub Enterprise Server versions...
CVE-2023-3031
Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15...
CVE-2023-3031 Prestashop module King-Avis - Path traversal
Improper Limitation of a Pathname leads to a Path Traversal vulnerability in the module King-Avis for Prestashop, allowing a user knowing the download token to read arbitrary local files. This issue affects King-Avis: before 17.3.15...
King-Avis Path Traversal Vulnerability
King-Avis is an application from King-Avis, Inc. for online stores to provide automated review collection services. A security vulnerability exists in King-Avis versions prior to 17.3.15, which stems from an improper pathname restriction in the Prestashop module that allows a user who knows the...
PT-2023-22627 · Unknown +1 · Prestashop +1
Name of the Vulnerable Software and Affected Versions: King-Avis versions prior to 17.3.15. Description: The issue is related to Improper Limitation of a Pathname, leading to a Path Traversal vulnerability in the King-Avis module for Prestashop. This allows a user with knowledge of the download...
CVE-2022-34624
Mealie 1.0.0beta3 does not terminate download tokens after a user logs out, allowing attackers to perform a man-in-the-middle attack via a crafted GET request...
Missing Authentication for Critical Function in Apache NiFi
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
Denial Of Service (DoS)
nifi-web-security is vulnerable to denial of service. The NiFi download token one-time password mechanism used a fixed cache size and does not authenticate a request to create a download token. This allows an unauthenticated user to repeatedly request download tokens, preventing legitimate users...
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
CVE-2020-9487
In Apache NiFi 1.0.0 to 1.11.4, the NiFi download token one-time password mechanism used a fixed cache size and did not authenticate a request to create a download token, only when attempting to use the token to access the content. An unauthenticated user could repeatedly request download tokens,...
ConverTo Video Downloader Converter 1.4.1 - Arbitrary File Download
ConverTo Video Downloader Converter 1.4.1 - Arbitrary File Download Exploit Title: ConverTo Video Downloader & Converter 1.4.1 - Arbitrary File Download Dork: N/A Date: 29.09.2017 Vendor Homepage: https://codecanyon.net/user/lemonadeflirt Software Link:...