
9 matches found

Positive Technologies
added 2023/10/17 12:0 a.m. · 5 views

PT-2023-22684 · Dotcms · Dotcms

Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 23.06; dotCMS versions prior to LTS 22.03.7; dotCMS versions prior to LTS 23.01.4. Description: A flaw in the NormalizationFilter of dotCMS does not strip double slashes (//) from URLs, potentially enabling bypasses for XS...

CVSS 6.1 · AI score 6 · EPSS 0.00357
Exploits 0 · References 7
Cvelist
added 2022/05/20 11:29 a.m. · 15 views

CVE-2022-31215

In certain Goverlan products, the Windows Firewall is temporarily turned off upon a Goverlan agent update operation. This allows remote attackers to bypass firewall blocking rules for a time period of up to 30 seconds. This affects Goverlan Reach Console before 10.5.1, Reach Server before 3.70.1,...

AI score 6.8 · EPSS 0.01124
Exploits 1 · References 2
Vulnrichment
added 2022/04/14 9:35 p.m. · 5 views

CVE-2022-24855 XSS vulnerability in Metabase

Metabase is an open source business intelligence and analytics application. In affected versions Metabase ships with an internal development endpoint /internal that can allow for cross site scripting (XSS) attacks, potentially leading to phishing attempts with malicious links that could lead to...

CVSS 8.7 · AI score 8.1 · EPSS 0.00672
Exploits 0 · References 2
NVD
added 2022/04/11 8:15 p.m. · 26 views

CVE-2022-24829

Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api...

CVSS 9.8 · EPSS 0.01089
Exploits 0 · References 2
Saint
added 2015/06/09 12:0 a.m. · 30 views

Seagate Central unauthenticated file upload

Added: 06/09/2015. Background: Seagate Central is a personal cloud storage device which can be connected to a wireless router. Problem: Seagate Central has no root password, allowing unauthenticated users to upload arbitrary files via PHP. This can be leveraged to execute arbitrary commands by...

AI score 8.4
Exploits 0
myhack58
added 2009/11/20 12:0 a.m. · 12 views

In-depth NC provide the right success and failure reasons-vulnerability warning-the black bar safety net

A lot of people in NC to mention the right without success. Because one of the reasons is you do not have to reduce the permissions. While the cause of the NC mention the right to fail. Need to note: 1. Bounce the port. Online a lot of articles written...

AI score 0.2
Exploits 0
Prion
added 2007/07/10 10:30 p.m. · 20 views

Information disclosure

The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information...

CVSS 7.8 · AI score 6.2 · EPSS 0.35175
Exploits 0 · References 13
NVD
added 2007/07/10 10:30 p.m. · 14 views

CVE-2007-3038

The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information...

CVSS 7.8 · AI score 6 · EPSS 0.35175
Exploits 0 · References 13
Cvelist
added 2007/07/10 10:0 p.m. · 25 views

CVE-2007-3038

The Teredo interface in Microsoft Windows Vista and Vista x64 Edition does not properly handle certain network traffic, which allows remote attackers to bypass firewall blocking rules and obtain sensitive information via crafted IPv6 traffic, aka "Windows Vista Firewall Blocking Rule Information...

AI score 6 · EPSS 0.35175
Exploits 0 · References 13