Lucene search
K

168 matches found

contao
contao
added 2021/08/11 12:0 a.m.85 views

PHP file inclusion via insert tags

Date : 2021-08-11 CVE ID : CVE-2021-37626 Description It is possible for untrusted users to load arbitrary PHP files via insert tags. Installations are only affected if there are untrusted back end users. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.55 Contao...

7.2CVSS6.9AI score0.01254EPSS
Exploits0Affected Software1
contao
contao
added 2021/08/11 12:0 a.m.23 views

Privilege escalation with the form generator

Date : 2021-08-11 CVE ID : CVE-2021-37627 Description It is possible for untrusted users to gain administrator rights with the form generator. Installations are only affected if there are untrusted back end users with access to the form generator. Affected versions Contao 4.0 Contao 4.1 Contao 4....

8CVSS7.3AI score0.01023EPSS
Exploits0Affected Software1
osv
osv
added 2021/08/09 8:37 p.m.14 views

GHSA-H563-XH25-X54Q Workflow re-write vulnerability using input parameter

Impact Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches Not yet. Workarounds Set EXPRESSIONTEMPLATES=false for the workflow controller References https://github.com/argoproj/argo-workflows/issues/6441 For more information If you have any questions or...

6.5CVSS6.3AI score0.00963EPSS
Exploits1References7
github
github
added 2021/08/09 8:37 p.m.61 views

Workflow re-write vulnerability using input parameter

Impact Allow end-users to set input parameters, but otherwise expect workflows to be secure. Patches Not yet. Workarounds Set EXPRESSIONTEMPLATES=false for the workflow controller References https://github.com/argoproj/argo-workflows/issues/6441 For more information If you have any questions or...

6.5CVSS6.3AI score0.00963EPSS
Exploits1References7Affected Software1
zdt
zdt
added 2021/06/30 12:0 a.m.157 views

Securepoint SSL VPN Client 2.0.30 Local Privilege Escalation Vulnerability

Securepoint SSL VPN Client version 2.0.30 suffers from a local privilege escalation vulnerability. Local Privilege Escalation in Securepoint SSL VPN Client 2.0.30 Metadata =================================================== Release Date: 29-Jun-2021 Author: Florian Bogner @...

7.8CVSS7.9AI score0.00707EPSS
Exploits3
ubuntucve
ubuntucve
added 2021/03/13 9:15 p.m.39 views

CVE-2021-28373

The authinternal plugin in Tiny Tiny RSS aka tt-rss before 2021-03-12 allows an attacker to log in via the OTP code without a valid password. NOTE: this issue only affected the git master branch for a short time. However, all end users are explicitly directed to use the git master branch in...

7.5CVSS7.1AI score0.00934EPSS
Exploits0References3
thn
thn
added 2020/12/04 8:14 a.m.5 views

How Organizations Can Prevent Users from Using Breached Passwords

There is no question that attackers are going after your sensitive account data. Passwords have long been a target of those looking to compromise your environment. Why would an attacker take the long, complicated way if they have the keys to the front door? No matter how extensive your security...

5.9AI score
Exploits0
cvelist
cvelist
added 2020/10/28 12:47 p.m.28 views

CVE-2020-8241

A vulnerability in the Pulse Secure Desktop Client 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server...

7.3AI score0.01743EPSS
Exploits2References1
fedora
fedora
added 2020/09/12 4:35 p.m.19 views

[SECURITY] Fedora 32 Update: dotnet-build-reference-packages-0-5.20200608git1b1a695.fc32

This contains references packages used for building .NET Core. This is not meant to be used by end-users...

1.7AI score
Exploits0
redhatcve
redhatcve
added 2020/08/24 4:48 p.m.39 views

CVE-2020-14369

This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash fi...

6.3CVSS1AI score0.00335EPSS
Exploits0References3
osv
osv
added 2020/07/30 1:15 p.m.5 views

CVE-2020-8216

An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...

4.3CVSS6AI score0.02283EPSS
Exploits0References1
cvelist
cvelist
added 2020/07/30 12:53 p.m.24 views

CVE-2020-8216

An information disclosure vulnerability in meeting of Pulse Connect Secure 9.1R8 allowed an authenticated end-users to find meeting details, if they know the Meeting ID...

5.2AI score0.02283EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2020/05/09 8:16 p.m.50 views

CVE-2019-20795

iproute2 before 5.1.0 has a use-after-free in getnetnsidfromname in ip/ipnetns.c. NOTE: security relevance may be limited to certain uses of setuid that, although not a default, are sometimes a configuration option offered to end users. Even when setuid is used, other factors such as C library...

4.4CVSS5.1AI score0.00403EPSS
Exploits0
talosblog
talosblog
added 2020/04/08 1:3 p.m.34 views

AZORult brings friends to the party

By Vanja Svajcer. NEWS SUMMARY We are used to ransomware attacks and big game hunting making the headlines, but there is an undercurrent of other attack types that allow attackers to monetize their efforts in a less intrusive way.Here, we discuss a multi-pronged cyber criminal attack using a numb...

3AI score
Exploits0
veeam
veeam
added 2020/02/17 12:0 a.m.13 views

License compatibility and merge rules for Veeam Availability Suite v10/v11

The following describes general licensing, compatibility and merge rules for end users/customers. It shows the monitoring and reporting capabilities of Veeam ONE licensed perpetually per socket and...

2.7AI score
Exploits0Affected Software1
osv
osv
added 2019/12/17 2:15 p.m.16 views

CVE-2019-19712

Contao 4.0 through 4.8.5 has Insecure Permissions. Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them...

5.3CVSS5.3AI score
Exploits0References2
contao
contao
added 2019/12/17 12:0 a.m.78 views

Information disclosure in the back end

Date : 2019-12-17 CVE ID : CVE-2019-19712 Description Back end users can manipulate the details view URL to show pages and articles that have not been enabled for them. Affected versions Contao 4.0 Contao 4.1 Contao 4.2 Contao 4.3 Contao 4.4 up to 4.4.45 Contao 4.5 Contao 4.6 Contao 4.7 Contao 4....

5.3CVSS5AI score0.0088EPSS
Exploits0Affected Software1
thn
thn
added 2019/10/24 9:18 a.m.6 views

How to Avoid the Top Three Causes of Data Breaches in 2019

What's the price of unprotected IT infrastructure? Cybercrime Magazine says that global damages will surpass $6 billion as soon as 2021. Here we'll go through some of the most frequent and emerging causes of data breaches in 2019 and see how to address them in a timely manner. Misconfigured Cloud...

5.8AI score
Exploits0
threatpost
threatpost
added 2019/09/18 6:30 p.m.49 views

Rethinking Responsibilities and Remedies in Social-Engineering Attacks

In the pantheon of catchy cybersecurity slogans that should never have caught on, two about social engineering spring to mind almost immediately: “End users are the weakest link” and “attackers only have to be lucky once; defenders have to be lucky all the time.” Both of those statements have bee...

0.6AI score
Exploits0References7
osv
osv
added 2019/04/11 8:29 p.m.6 views

CVE-2019-9056

An issue was discovered in CMS Made Simple 2.2.8. In the module FrontEndUsers in the file class.FrontEndUsersManipulate.php or class.FrontEndUsersManipulator.php, it is possible to reach an unserialize call with an untrusted FEU cookie, and achieve authenticated object injection...

8.8CVSS7.2AI score0.01289EPSS
Exploits0References2
Rows per page
Query Builder