Lucene search
+L

326 matches found

Positive Technologies
Positive Technologies
added 2024/05/14 12:0 a.m.10 views

PT-2024-10059 · Intel · Intel Chipset Device

Name of the Vulnerable Software and Affected Versions: IntelR Chipset Device Software versions prior to 10.1.19444.8378 Description: The issue is related to an uncontrolled search path in the Intel Chipset INF Utility, which may allow an authenticated user to potentially enable escalation of...

7.3CVSS6.9AI score0.00184EPSS
Exploits0References4
Openbugbounty
Openbugbounty
added 2024/03/26 5:30 a.m.3 views

inf-wear.dk Cross Site Scripting vulnerability OBB-3886640

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Fedora
Fedora
added 2024/03/07 10:33 p.m.24 views

[SECURITY] Fedora 40 Update: sisu-mojos-0.9.0~M2-4.fc40

The Sisu Plugin for Maven provides mojos to generate META-INF/sisu/javax.inject.Named index files for the Sisu container...

8.8CVSS6.8AI score0.02578EPSS
Exploits3
Openbugbounty
Openbugbounty
added 2024/01/23 10:32 p.m.3 views

inf-wear.dk Cross Site Scripting vulnerability OBB-3842237

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Amazon
Amazon
added 2024/01/09 12:0 a.m.5 views

Medium: jetty

Issue Overview: For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. Thi...

5.3CVSS6.6AI score0.7848EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/01/09 12:0 a.m.45 views

Amazon Linux 2 : jetty (ALAS-2024-2408)

It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2408 advisory. For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example...

5.3CVSS7.1AI score0.7848EPSS
Exploits2References4
OSV
OSV
added 2023/08/17 10:37 a.m.12 views

MAL-2023-1486 Malicious code in inf-build-module (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 033fc49e1c2258614dc2c2a1b849039e2cea7095fb6f4a4b95ccb8bde9955df0 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSV
OSV
added 2023/04/14 1:15 p.m.4 views

CVE-2023-26559

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...

5.3CVSS5.8AI score
Exploits0References2
Prion
Prion
added 2023/04/14 1:15 p.m.15 views

Directory traversal

A directory traversal vulnerability in Oxygen XML Web Author before 25.0.0.3 build 2023021715 and Oxygen Content Fusion before 5.0.3 build 2023022015 allows an attacker to read files from a WEB-INF directory via a crafted HTTP request. XML Web Author 24.1.0.3 build 2023021714 and 23.1.1.4 build...

5CVSS5.1AI score0.01013EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2023/04/14 12:0 a.m.8 views

PT-2023-20727 · Syncro Soft · Oxygen Content Fusion +1

Name of the Vulnerable Software and Affected Versions: Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715 Oxygen Content Fusion versions prior to 5.0.3 build 2023022015 Description: A directory traversal issue allows an attacker to read files from a WEB-INF directory via a crafted...

5.3CVSS5.1AI score0.01013EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/04/14 12:0 a.m.6 views

Syncro Soft Oxygen XML WebHelp 路径遍历漏洞

Syncro Soft Oxygen XML WebHelp is for converting DITA and DocBook resources to WebHelp output from Syncro Soft Romania. A security vulnerability exists in Oxygen XML Web Author versions prior to 25.0.0.3 build 2023021715, Oxygen Content Fusion versions prior to 5.0.3 build 2023022015, which...

5.3CVSS5.8AI score0.01013EPSS
Exploits0References3
Openbugbounty
Openbugbounty
added 2023/04/07 8:40 a.m.10 views

integrase.bioinf.mpi-inf.mpg.de Cross Site Scripting vulnerability OBB-3252644

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/03/14 12:0 a.m.41 views

Atlassian Jira 8.0.0 < 8.0.4 Multiple Vulnerabilities

According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is version 7.13.0 prior to 7.13.4, 8.0.0 prior to 8.0.4 or 8.1.0 prior to 8.1.1. It is, therefore, affected by multiple vulnerabilities: - A vulnerability which permits remote attackers w...

8.1CVSS6.5AI score0.59832EPSS
Exploits2References6
Veracode
Veracode
added 2023/03/03 2:16 p.m.33 views

Sensitive Information Disclosure

org.zkoss.zk:zk is vulnerable to Information Disclosure. The vulnerability is caused by forged requests with a nextURI parameter to the /zkau/upload endpoint, which then forwards the request internally. An attacker can then access sensitive files in the WEB-INF directory, which can include web.xm...

7.5CVSS6.7AI score0.95335EPSS
Exploits5References4Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 6:6 a.m.8 views

SUSE CVE-2008-5515

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, 6.0.0 through 6.0.18, and possibly earlier versions normalizes the target pathname before filtering the query string when using the RequestDispatcher method, which allows remote attackers to bypass intended access restrictions and conduct...

5CVSS5AI score0.18685EPSS
Exploits1References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:52 a.m.5 views

SUSE CVE-2020-27216

In Eclipse Jetty versions 1.0 thru 9.4.32.v20200930, 10.0.0.alpha1 thru 10.0.0.beta2, and 11.0.0.alpha1 thru 11.0.0.beta2O, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub...

7CVSS8.2AI score0.043EPSS
Exploits1References3
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.7 views

SUSE CVE-2021-28164

In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...

5.9CVSS8.5AI score0.82371EPSS
Exploits7References6
SUSE CVE
SUSE CVE
added 2023/02/15 3:44 a.m.4 views

SUSE CVE-2021-28169

For Eclipse Jetty versions = 9.4.40, = 10.0.2, = 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. For example a request to /concat?/%2557EB-INF/web.xml can retrieve the web.xml file. This can reveal...

6.5CVSS8AI score0.7848EPSS
Exploits2References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.9 views

SUSE CVE-2021-34429

For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc...

6.5CVSS8.6AI score0.99298EPSS
Exploits6References5
Prion
Prion
added 2022/11/21 11:15 p.m.23 views

Default configuration

An issue was discovered in Appalti & Contratti 9.12.2. The target web applications LFS and DL229 expose a set of services provided by the Axis 1.4 instance, embedded directly into the applications, as hinted by the WEB-INF/web.xml file leaked through Local File Inclusion. Among the exposed...

6.5CVSS8.6AI score0.00984EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder