72 matches found
Improper input validation vulnerability in WordPress Plugin "WordPress Quiz Maker Plugin"
Overview WordPress Plugin "WordPress Quiz Maker Plugin" provided by AYS Pro Plugins contains an improper input validation vulnerability CWE-20. Shogo Kumamaru of LAC CyberLink Co., Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2018-16153
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...
CVE-2018-16153
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...
CVE-2018-16153
An issue was discovered in Apereo Opencast 4.x through 10.x before 10.6. It sends system digest credentials during authentication attempts to arbitrary external services in some situations...
CVE-2023-50454
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers...
Zammad 安全漏洞
Zammad is a suite of ticket management software from the German company Zammad. A trust management issue vulnerability exists in Zammad that stems from the fact that SSL/TLS is used in multiple subsystems to establish connections to external services without properly validating the hostname and...
CVE-2023-50454
An issue was discovered in Zammad before 6.2.0. In several subsystems, SSL/TLS was used to establish connections to external services without proper validation of hostname and certificate authority. This is exploitable by man-in-the-middle attackers...
CVE-2023-43656
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. Instances that have enabled transformation functions those that have generic.allowJsTransformationFunctions in their config, may be vulnerable to an attack where it is possible to break out of...
OpenNMS Horizon 代码问题漏洞
OpenNMS Horizon is an open source solution from OpenNMS, Inc. that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon version 31.0.8 through versions prior to 32.0.2. An attacker exploited the vulnerability to force...
Wolt 信任管理问题漏洞
Wolt is a food and merchandise delivery platform by Finnish company Wolt. A security vulnerability exists in Wolt : Food Delivery/Demae Android App version 4.27.2 and earlier, which stems from the use of hard-coded API keys to provide external services, and can be exploited by an attacker to...
Server side request forgery (ssrf)
A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...
Tenable.sc 代码问题漏洞
Tenable Network Security Tenable.Sc is a vulnerability analysis solution from Tenable Network Security, USA. The product supports real-time vulnerability assessment and management, among other things. A security vulnerability exists in versions of Tenable.sc prior to 6.0.0 that stems from imprope...
CVE-2023-24495
A Server Side Request Forgery SSRF vulnerability exists in Tenable.sc due to improper validation of session & user-accessible input data. A privileged, authenticated remote attacker could interact with external and internal services covertly...
Ghost unauthorized newsletter modification vulnerability
Talos Vulnerability Report TALOS-2022-1624 Ghost unauthorized newsletter modification vulnerability December 21, 2022 CVE Number CVE-2022-41654 SUMMARY An authentication bypass vulnerability exists in the newsletter subscription functionality of Ghost Foundation Ghost 5.9.4. A specially-crafted...
[SECURITY] Fedora 35 Update: golang-github-google-martian-3.1.0-9.fc35
Martian Proxy is a programmable HTTP proxy designed to be used for testing. Martian is a great tool to use if you want to: - Verify that all or some subset of requests are secure - Mock external services at the network layer - Inject headers, modify cookies or perform other mutations of HTTP...
Drupal addresses a Guzzle third-party vulnerability
Threat Level Vulnerability Report For a detailed advisory, download the pdf file here Summary The Drupal core project addresses security flaws in a third-party Guzzle library to handle HTTP requests and responses to external services. These may not directly affect Drupal core; however, it can hav...
CVE-2022-0123
Removed by vendor...
GHSA-HCXX-MP6G-6GR9 Opencast publishes global system account credentials
The issue was mostly mitigated before, drastically reducing the risk. See references below for more information. Impact Opencast before version 10.6 will try to authenticate against any external services listed in a media package when it is trying to access the files, sending the global system...
PT-2021-8817 · Apereo · Apereo Opencast
Name of the Vulnerable Software and Affected Versions: Apereo Opencast versions 4.x through 10.x before 10.6 Description: An issue was discovered in Apereo Opencast where it sends system digest credentials during authentication attempts to arbitrary external services in some situations. This occu...
CVE-2021-32743 Passwords used to access external services inadvertently exposed through API
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions prior to 2.11.10 and from version 2.12.0 through version 2.12.4, some of the Icinga 2 features that require credentials for extern...