Lucene search
K

73 matches found

NVD
NVD
added 2024/03/14 3:15 a.m.31 views

CVE-2024-1654

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...

7.2CVSS7.8AI score0.01308EPSS
Exploits0References1
OSV
OSV
added 2024/03/14 3:15 a.m.4 views

CVE-2024-1654

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...

7.2CVSS6.1AI score0.01308EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/03/14 3:6 a.m.32 views

CVE-2024-1654 Unauthorized write operations in PaperCut NG/MF

This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...

7.2CVSS7.5AI score0.01308EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/08/29 4:31 p.m.10 views

CVE-2023-3646 On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.

On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload...

5.9CVSS6.7AI score0.00564EPSS
Exploits1References1
Ivanti
Ivanti
added 2023/02/14 7:22 a.m.7 views

JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function

Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...

7.3AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/01/10 12:0 a.m.3 views

PT-2023-1145 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a lack of protection for internal system data in the Windows operating system. This could allow an attacker to gain unauthorized access to a device. The vulnerabilit...

5.5CVSS8.9AI score0.01012EPSS
Exploits0References11
OSV
OSV
added 2022/09/16 7:26 p.m.23 views

GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution

Observation When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoids Command Injection...

8.6CVSS7.8AI score0.01475EPSS
Exploits1References7
Github Security Blog
Github Security Blog
added 2022/08/06 5:39 a.m.29 views

JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization

Impact When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...

5.3CVSS5.3AI score0.00582EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/08/01 9:15 p.m.19 views

Design/Logic Flaw

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...

5CVSS5.1AI score0.00582EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/08/01 8:20 p.m.96 views

CVE-2022-31189

The CVE-2022-31189 issue affects the DSpace JSPUI component. When an internal system error occurs in the JSPUI, the application exposes the entire exception stack trace, which can disclose sensitive information. Affected product: DSpace JSPUI (UI for the repository app). Root cause: unsealed erro...

5.3CVSS5.1AI score0.00582EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/08/01 8:20 p.m.44 views

CVE-2022-31189 "Internal System Error" page in DSpace JSPUI prints exceptions and stack traces without sanitization

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...

5.3CVSS5.4AI score0.00582EPSS
Exploits0References2
OSV
OSV
added 2022/08/01 8:20 p.m.32 views

CVE-2022-31189 "Internal System Error" page in DSpace JSPUI prints exceptions and stack traces without sanitization

DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...

5.3CVSS5.2AI score0.00582EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2022/08/01 12:0 a.m.6 views

PT-2022-20597 · Dspace · Dspace

Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 6.4 Description: When an "Internal System Error" occurs in the JSPUI, the entire exception, including the stack trace, is available. Information in this stacktrace may be useful to an attacker in launching a more...

5.3CVSS5.1AI score0.00582EPSS
Exploits0References8
CNVD
CNVD
added 2022/06/20 12:0 a.m.17 views

Employee Leaves Management System Cross-Site Request Forgery Vulnerability

Employee Leaves Management System ELMS is an internal employee management system. A cross-site request forgery vulnerability exists in Employee Leaves Management System ELMS v2.1, which can be exploited by an attacker to change the details of any user profile, such as username, phone number, etc...

6.5CVSS6.3AI score0.00503EPSS
Exploits1References1
CVE
CVE
added 2022/06/02 5:12 p.m.48 views

CVE-2022-29597

CVE-2022-29597 affects Solutions Atlantic Regulatory Reporting System (RRS) v500. It exposes a Local File Inclusion (LFI) vulnerability via the ShowDocument/ShowDocument.aspx page, where an authenticated user can abuse the fileName parameter to reference internal system files (eg. web.config) and...

6.5CVSS6.5AI score0.01852EPSS
Exploits2References2Affected Software1
CNNVD
CNNVD
added 2022/04/21 12:0 a.m.6 views

Johnson Controls Metasys system 代码问题漏洞

Johnson Controls Metasys system is a building automation system from Johnson Controls. A code issue vulnerability exists in the Johnson Controls Metasys system that allows an attacker to identify and spoof requests to an internal system via specially crafted requests...

9.1CVSS8.4AI score0.0081EPSS
Exploits0References6
HackRead
HackRead
added 2022/03/23 7:27 p.m.23 views

Microsoft and Okta Confirm Data Breach Claims by LAPSUS$

By Deeba Ahmed Both companies have confirmed the breach after Lapsus$ hackers leaked screenshots of Oktas internal system and source code… This is a post from HackRead.com Read the original post: Microsoft and Okta Confirm Data Breach Claims by LAPSUS$...

1.6AI score
Exploits0
Hacker One
Hacker One
added 2021/05/17 4:38 p.m.21 views

Sifchain: Possible Database Details stored in values.yaml

The database details like username and database name are disclosed in the below mentioned file. Assuming a blank password since the password field was empty. File Location : https://github.com/Sifchain/sifnode/blob/740331dad061ee0f5a3cf3798d429f294b70f0ae/deploy/helm/block-explorer/values.yaml I...

6.9AI score
Exploits0
Veracode
Veracode
added 2021/03/01 10:10 a.m.21 views

Server Side Request Forgery (SSRF)

github.com/thecodingmachine/gotenberg is vulnerable to Server Side Request Forgery SSRF. An attacker is able to send malicious requests on behalf of the application via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...

5.3CVSS4AI score0.01053EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2021/02/26 6:15 p.m.23 views

CVE-2021-23345

All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery SSRF via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...

5.3CVSS0.01053EPSS
Exploits1References2
Rows per page
Query Builder