59 matches found
Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and reside...
CVE-2021-34794
A vulnerability in the Simple Network Management Protocol version 3 SNMPv3 access control functionality of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to query SNMP data. This vulnerability is due t...
Deserialization of untrusted data
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....
CVE-2020-36239
CVE-2020-36239 affects Jira Data Center, Jira Core Data Center, Jira Software Data Center (versions prior to 8.5.16 for 6.3.0 line, prior to 8.13.8 for 8.6.0 line, prior to 8.17.0 for 8.14.0 line) and Jira Service Management Data Center (prior to 4.5.16 for 2.0.2 line, prior to 4.13.8 for 4.6.0 l...
CVE-2020-36239
Jira Data Center, Jira Core Data Center, Jira Software Data Center from version 6.3.0 before 8.5.16, from 8.6.0 before 8.13.8, from 8.14.0 before 8.17.0 and Jira Service Management Data Center from version 2.0.2 before 4.5.16, from version 4.6.0 before 4.13.8, and from version 4.14.0 before 4.17....
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
Jira Data Center & Jira Service Management Data Center - Missing Authentication for Ehcache RMI - CVE-2020-36239
h3. Issue Summary Jira Data Center, Jira Core Data Center, Jira Software Data Center, and Jira Service Management Data Center exposed a Ehcache RMI network service which attackers, who can connect to the service, on port 40001 and potentially 40011 012, could execute arbitrary code of their choic...
PT-2020-13796
Name of the Vulnerable Software and Affected Versions Apache APISIX versions 1.2 through 1.5 Description The issue arises when the Admin API is enabled and the Admin API access IP restriction rules are deleted in Apache APISIX. This allows the default token to access APISIX management data...
The vulnerability of the Cisco IOS XE operating system, related to the lack of measures taken to clean data at the management level, allows attackers to enhance their privileges and execute arbitrary code.
The vulnerability of the Cisco IOS XE operating system is related to the lack of measures taken to clean data at the management level. Exploiting this vulnerability can allow a malicious actor to enhance their privileges and execute arbitrary code...
CVE-2018-1668
IBM DataPower Gateway 7.5.0.0 through 7.5.0.19, 7.5.1.0 through 7.5.1.18, 7.5.2.0 through 7.5.2.18, and 7.6.0.0 through 7.6.0.11 appliances allows "null" logins which could give read access to IPMI data to obtain sensitive information. IBM X-Force ID: 144894...
Cisco Prime Infrastructure Authentication Bypass API Vulnerability (cisco-sa-20160629-piauthbypass) - Active Check
A vulnerability in the application programming interface API of Cisco Prime Infrastructure could allow an unauthenticated, remote attacker to access and control the API resources. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and ar...
The vulnerability of the Cisco IOS operating system, which allows a malicious individual to gain administrator privileges
Cisco IOS software contains vulnerabilities that allow a remote attacker to gain remote access to device management data via SNMP protocol. This can result in the attacker obtaining administrative privileges...
Code injection
Cisco Wireless LAN Controller WLC devices with software 7.0240.0, 7.3101.0, and 7.41.19 allow remote attackers to cause a denial of service device outage by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236...
CVE-2015-6311
Cisco Wireless LAN Controller WLC devices with software 7.0240.0, 7.3101.0, and 7.41.19 allow remote attackers to cause a denial of service device outage by sending malformed 802.11i management data to a managed access point, aka Bug ID CSCub65236...
CVE-2015-6468
CVE-2015-6468 is a CSRF vulnerability in Resource Data Management’s Web-based Data Manager, affected versions prior to 2.2. The issue enables an attacker to hijack an authenticated user’s session and perform unintended actions on trusted pages via CSRF vectors (details not specified in the provid...
Empire(EmpireCMS)cms 6.6 the background to get shell-vulnerability warning-the black bar safety net
Previous 6. 5http://www.badguest.cn/Article/201011/78510.htmlsomeone hair of the method is that the background---system setup---the management data table---management system models---import new module,directly put the modified php shell was renamed the shell. php. mod uploaded, the new version us...
Empire cms backstage to get a shell vulnerability and fix-vulnerability warning-the black bar safety net
The first method: add a custom page 6.0 on experiment success Template management - add custom page - page name casually--file name: xx. asp;. html--the page content--pony copy the contents into it Save the post and then the Admin page Click you can go see your horse, generally in the root...
DEBIAN-CVE-2006-6101
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...
Detectoid for System Center 2012 R2 - Data Protection Manager UI
Detectoid for System Center 2012 R2 - Data Protection Manager UI...