Lucene search

3856 matches found

CNVD
added 2020/03/17 12:0 a.m. · 3 views

IBM MQ Appliance and IBM MQ Denial of Service Vulnerabilities

IBM MQ (IBM WebSphere MQ) and IBM MQ Appliance are both products of IBM Corporation, U.S.A. IBM MQ is a messaging middleware product. The product focuses on providing a reliable and proven messaging backbone for Service Oriented Architecture (SOA). IBM MQ Appliance is an all-in-one appliance for rapid...

6.5 CVSS · 6.6 AI score · 0.01624 EPSS
Exploits 0 · References 1

Cvelist
added 2020/03/11 1:2 p.m. · 20 views

CVE-2019-19381

oauth/oauth2/v1/saml/ in Abacus OAuth Login 201901r4201910210000 before prior to R4 20.11.2019 Hotfix allows Reflected Cross Site Scripting (XSS) via an error message...

6 AI score · 0.00724 EPSS
Exploits 1 · References 2

OSV
added 2020/03/10 3:15 p.m. · 12 views

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.5 CVSS · 6.5 AI score
Exploits 0 · References 2

NVD
added 2020/03/10 3:15 p.m. · 16 views

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.5 CVSS · 7.4 AI score · 0.01155 EPSS
Exploits 0 · References 2

Prion
added 2020/03/10 3:15 p.m. · 15 views

Design/Logic Flaw

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

5 CVSS · 7.4 AI score · 0.01155 EPSS
Exploits 0 · References 2 · Affected Software 1

OSV
added 2020/03/10 3:15 p.m. · 2 views

UBUNTU-CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.5 CVSS · 5.8 AI score · 0.01155 EPSS
Exploits 0 · References 3

Cvelist
added 2020/03/10 2:47 p.m. · 17 views

CVE-2019-12446

An issue was discovered in GitLab Community and Enterprise Edition 8.3 through 11.11. It allows Information Exposure through an Error Message...

7.4 AI score · 0.01155 EPSS
Exploits 0 · References 2

CVE
added 2020/03/10 2:47 p.m. · 54 views

CVE-2019-12446

The CVE-2019-12446 issue affects GitLab Community and Enterprise Edition versions 8.3 through 11.11, allowing information exposure via an error message. The vulnerability is documented across multiple sources (NVD, Red Hat, Debian, OSV, etc.) with the same flaw description and no detailed root-ca...

7.5 CVSS · 7.3 AI score · 0.01155 EPSS
Exploits 0 · References 2 · Affected Software 1

Debian CVE
added 2020/03/10 2:47 p.m. · 17 views

CVE-2019-12446

Removed by vendor...

7.5 CVSS · 7.1 AI score · 0.01155 EPSS
Exploits 0

NVD
added 2020/03/09 4:15 p.m. · 21 views

CVE-2020-2152

Jenkins Subversion Release Manager Plugin 1.2 and earlier does not escape the error message for the Repository URL field form validation, resulting in a reflected cross-site scripting vulnerability...

6.1 CVSS · 6.1 AI score · 0.0124 EPSS
Exploits 0 · References 2

Positive Technologies
added 2020/03/09 12:0 a.m. · 5 views

PT-2020-15363 · Jenkins · Jenkins Subversion Partial Release Manager Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Subversion Release Manager Plugin versions 1.2 and earlier
Description: The issue is related to a reflected cross-site scripting vulnerability. It occurs because the error message for the Repository URL field form validation is not...

6.1 CVSS · 5.7 AI score · 0.0124 EPSS
Exploits 0 · References 6

Hacker One
added 2020/02/27 12:1 p.m. · 30 views

Endless Group: Enumeration of username on password reset page

Summary: Reset password page API call can be used to enumerate usernames based on the error message.
Steps To Reproduce: add details for how we can reproduce the issue
1. Go to password reset page
2. Enter username and click submit
3. Check email for password reset code, open the url in any brows...

7 AI score
Exploits 0

OSV
added 2020/02/26 4:15 p.m. · 2 views

CVE-2019-19993

An issue was discovered in Selesta Visual Access Manager (VAM) 4.15.0 through 4.29. Several full path disclosure vulnerabilities were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...

5.3 CVSS · 6.2 AI score · 0.01243 EPSS
Exploits 1 · References 3

CNVD
added 2020/02/24 12:0 a.m. · 2 views

SmartClient Absolute Path Information Disclosure Vulnerability

SmartClient is an enterprise Ajax framework, including a very good UI library, tool library, client-server data binding and other features. An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...

5.3 CVSS · 6.6 AI score · 0.01072 EPSS
Exploits 1 · References 1

NVD
added 2020/01/31 10:15 p.m. · 17 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS · 6.3 AI score · 0.01583 EPSS
Exploits 1 · References 4

Prion
added 2020/01/31 10:15 p.m. · 12 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

4.3 CVSS · 6.2 AI score · 0.01583 EPSS
Exploits 1 · References 4 · Affected Software 2

Cvelist
added 2020/01/31 9:39 p.m. · 24 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.2 AI score · 0.01583 EPSS
Exploits 1 · References 4

Debian CVE
added 2020/01/31 9:39 p.m. · 16 views

CVE-2013-3565

Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlmcmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which ...

6.1 CVSS · 6.3 AI score · 0.01583 EPSS
Exploits 1

PyPA
added 2020/01/30 9:15 p.m. · 4 views

PYSEC-2020-212

Multiple cross-site scripting (XSS) vulnerabilities in Roundup before 1.4.20 allow remote attackers to inject arbitrary web script or HTML via the (1) @okmessage or (2) @errormessage parameter to issue...

6.1 CVSS · 6 AI score · 0.01546 EPSS
Exploits 1 · References 6 · Affected Software 1

OSV
added 2020/01/28 7:15 p.m. · 2 views

CVE-2019-4636

IBM Security Secret Server 10.7 could disclose sensitive information to an authenticated user from generated error messages. IBM X-Force ID: 170013...

2.7 CVSS · 6 AI score
Exploits 0 · References 2