73 matches found
CVE-2024-1654
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...
CVE-2024-1654
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...
CVE-2024-1654 Unauthorized write operations in PaperCut NG/MF
This vulnerability potentially allows unauthorized write operations which may lead to remote code execution. An attacker must already have authenticated admin access and knowledge of both an internal system identifier and details of another valid user to exploit this...
CVE-2023-3646 On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload.
On affected platforms running Arista EOS with mirroring to multiple destinations configured, an internal system error may trigger a kernel panic and cause system reload...
JSA10401 - Pulse Connect Secure (PCS) product - PCS Security Bundle - Internal System Function
Ivanti 4th of March 2024 - This isn't an active SA and any new edits are part of an article maintenance project. Internal System Function vulnerabilities found and fixed through a combination of internal and external proactive security testing: Issue with special characters used in a parameter in...
PT-2023-1145 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a lack of protection for internal system data in the Windows operating system. This could allow an attacker to gain unauthorized access to a device. The vulnerabilit...
GHSA-9XGJ-FCGF-X6MW Poetry Argument Injection can lead to Local Code Execution
Observation When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as git clone. These commands are being constructed using user input e.g. the repository URL. When building the commands, Poetry correctly avoids Command Injection...
JSPUI's "Internal System Error" page prints exceptions and stack traces without sanitization
Impact When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may be useful to an attacker in launching a more sophisticated attack. This vulnerability only impacts the JSPUI. This vulnerability does NOT impact...
Design/Logic Flaw
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...
CVE-2022-31189
The CVE-2022-31189 issue affects the DSpace JSPUI component. When an internal system error occurs in the JSPUI, the application exposes the entire exception stack trace, which can disclose sensitive information. Affected product: DSpace JSPUI (UI for the repository app). Root cause: unsealed erro...
CVE-2022-31189 "Internal System Error" page in DSpace JSPUI prints exceptions and stack traces without sanitization
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...
CVE-2022-31189 "Internal System Error" page in DSpace JSPUI prints exceptions and stack traces without sanitization
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. When an "Internal System Error" occurs in the JSPUI, then entire exception including stack trace is available. Information in this stacktrace may ...
PT-2022-20597 · Dspace · Dspace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 6.4 Description: When an "Internal System Error" occurs in the JSPUI, the entire exception, including the stack trace, is available. Information in this stacktrace may be useful to an attacker in launching a more...
Employee Leaves Management System Cross-Site Request Forgery Vulnerability
Employee Leaves Management System ELMS is an internal employee management system. A cross-site request forgery vulnerability exists in Employee Leaves Management System ELMS v2.1, which can be exploited by an attacker to change the details of any user profile, such as username, phone number, etc...
CVE-2022-29597
CVE-2022-29597 affects Solutions Atlantic Regulatory Reporting System (RRS) v500. It exposes a Local File Inclusion (LFI) vulnerability via the ShowDocument/ShowDocument.aspx page, where an authenticated user can abuse the fileName parameter to reference internal system files (eg. web.config) and...
Johnson Controls Metasys system 代码问题漏洞
Johnson Controls Metasys system is a building automation system from Johnson Controls. A code issue vulnerability exists in the Johnson Controls Metasys system that allows an attacker to identify and spoof requests to an internal system via specially crafted requests...
Microsoft and Okta Confirm Data Breach Claims by LAPSUS$
By Deeba Ahmed Both companies have confirmed the breach after Lapsus$ hackers leaked screenshots of Oktas internal system and source code… This is a post from HackRead.com Read the original post: Microsoft and Okta Confirm Data Breach Claims by LAPSUS$...
Sifchain: Possible Database Details stored in values.yaml
The database details like username and database name are disclosed in the below mentioned file. Assuming a blank password since the password field was empty. File Location : https://github.com/Sifchain/sifnode/blob/740331dad061ee0f5a3cf3798d429f294b70f0ae/deploy/helm/block-explorer/values.yaml I...
Server Side Request Forgery (SSRF)
github.com/thecodingmachine/gotenberg is vulnerable to Server Side Request Forgery SSRF. An attacker is able to send malicious requests on behalf of the application via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...
CVE-2021-23345
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery SSRF via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as...