262 matches found
PT-2022-20402 · Jenkins · Jenkins Mercurial Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Mercurial Plugin versions 2.16 and earlier Description: The issue allows attackers who can configure pipelines to check out some SCM repositories stored on the Jenkins controller's file system using local paths as SCM URLs. This enabl...
CVE-2021-41942
The Magic CMS MSVOD v10 video system has a SQL injection vulnerability. Attackers can use vulnerabilities to obtain sensitive information in the database...
CVE-2022-0919
The Salon booking system Free and pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated users to search other's booking, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number ...
gateway: radosgw: CRLF injection
A flaw was found in the Red Hat Ceph Storage RadosGW Ceph Object Gateway. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when makin...
Design/Logic Flaw
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users...
CVE-2022-22792 MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters
MobiSoft - MobiPlus User Take Over and Improper Handling of url Parameters Attacker can navigate to specific url which will expose all the users and password in clear text. http://IP/MobiPlusWeb/Handlers/MainHandler.ashx?MethodName=GridData&GridName=Users...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities allow a malicious party to cause a denial-of-service cause and to obtain system data. Potentially, the Denial-of-Service attack could be used to execute arbitrary code. Google has released a new version to address the vulnerabilities...
Fortinet FortiOS 安全漏洞
Fortinet FortiOS is a security operating system from Fortinet that is dedicated to the FortiGate network security platform. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam.Fortinet FortiOS has a security...
CVE-2020-14999
A logic bug in system monitoring driver of Acronis Agent after 12.5.21540 and before 12.5.23094 allowed to bypass Windows memory protection and access sensitive data...
sanlock bug fix and enhancement update
The sanlock packages provide a shared storage lock manager. Hosts with shared access to a block device or a file can use sanlock to synchronize their activities. VDSM and libvirt use sanlock to synchronize access to shared devices or files. Bug Fixes and Enhancements: bad client message causes...
The vulnerability of the Dovecot mail server arises from incorrect neutralization of special elements in the output data used by the incoming component, allowing attackers to expose user credentials.
The vulnerability of the Dovecot mail server is related to incorrect neutralization of special elements in the output data used by the incoming component. Exploiting this vulnerability can allow a remote attacker to expose user credentials...
IBM Financial Transaction Manager Cross-Site Scripting Vulnerability
IBM Financial Transaction Manager for Check Services FTM CHK is a financial transaction manager from IBM, USA. The product is primarily used to monitor, track and report on financial payments and transactions. IBM Financial Transaction Manager suffers from a cross-site scripting vulnerability tha...
Unauthorized Access Vulnerability in AXIS M3004 Network Camera
Axis is an IT company that specializes in providing web video solutions. An unauthorized access vulnerability exists in the AXIS M3004 Network Camera, which can be exploited by attackers to obtain sensitive information...
Foreman Information Disclosure Vulnerability
Foreman is a set of lifecycle management tools for use in physical and virtual servers. The tool provides service provisioning, configuration management, and status reporting. An information disclosure vulnerability exists in Foreman project, which can be exploited by a local attacker to expose...
CVE-2020-35667
JetBrains TeamCity Plugin before 2020.2.85695 SSRF. Vulnerability that could potentially expose user credentials...
UBUNTU-CVE-2021-23961
Further techniques that built on the slipstream research combined with a malicious webpage could have exposed both an internal network's hosts as well as services running on the user's local machine. This vulnerability affects Firefox 85...
Ubuntu 16.04 LTS : icoutils vulnerabilities (USN-4695-1)
The remote Ubuntu 16.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-4695-1 advisory. Choongwoo Han discovered that icoutils incorrectly handled certain files. An attacker could possibly use this issue to cause a denial of service or execu...
The vulnerability of the NGINX Controller Agent monitoring and management platform, related to deficiencies in path name restriction, allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the NGINX Controller Agent monitoring and management platform is related to deficiencies in path name restriction for the directory. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected...
CVE-2020-26837
SAP Solution Manager 7.2 User Experience Monitoring, version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the...
Android Messenger App Still Leaking Photos, Videos
The GO SMS Pro Android app has published two new versions on Google Play since a major security weakness was disclosed in November – but neither fixes the original issue, leaving 100 million users at risk for privacy violations, researchers said. Meanwhile, a raft of exploitation tools have been...