143 matches found
Nginx Cloud Storage HTTP Splitting
The scanner has detected that the Nginx configuration has a directive location specified to query a cloud storage instance. However, it is possible to insert an arbitrary payload containing a line break, which allows a malicious attacker to change the cloud storage instance to be queried. It is...
Atlassian Confluence 6.4.3 < 6.6.1 Resource Attachment Content Spoofing
According to its self-reported version number, the Atlassian Confluence application running on the remote host is prior to version 6.6.1. It may, therefore, permit remote attackers to spoof web content in the Mozilla Firefox Browser through attachments that have a content-type of...
Server-Side Inclusion Injection
A Server-Side Include Injection vulnerability exists when an application embeds and evaluates unsafe user-controlled server-side include directives. By injecting a specific payload an attacker can leverage this vulnerability to conduct a remote code execution. No source data...
Oturia Smart Google Code Inserter Plugin for WordPress < 3.5 Multiple Vulnerabilities
The WordPress Oturia Smart Google Code Inserter Plugin installed on the remote host is affected by multiple vulnerabilities :\n\n - An Authentication Bypass which allows unauthenticated attackers to insert arbitrary JavaScript or HTML code via the sgcgoogleanalytic parameter.\n - An SQL Injection...
Drupal 10.0.x < 10.0.2 Information Disclosure
According to its self-reported version, the instance of Drupal running on the remote web server is 9.4.x prior to 9.4.10, 9.5.x prior to 9.5.2, or 10.0.x prior to 10.0.2. It is, therefore, affected by an information disclosure vulnerability in the Media Library module. Note that the scanner has n...
Apache Spark 3.3.0 Stored Cross-Site Scripting
A stored cross-site scripting XSS vulnerability in Apache Spark 3.2.1 and earlier, and 3.3.0, allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the logs which would be returned in logs rendered in the UI. Note that the...
phpMyAdmin 5.1.x < 5.1.3 Information Disclosure
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...
phpMyAdmin 4.9.x < 4.9.10 Information Disclosure
The version of phpMyAdmin installed on the remote web server is 4.9.x prior to 4.9.10 or 5.1.x prior to 5.1.3. It is, therefore, affected by an information disclosure that would reveal the path on disk where phpMyAdmin is running from. Note that the scanner has not tested for these issues but has...
GLPI < 9.3.4 SQL Injection
GLPI in version 9.3.4 has an unauthenticated SQL Injection via the 'cycle' parameter of the 'unlocktasks.php' page. No source data...
GLPI Default Credentials
The scanner successfully authenticated on the GLPI web application by using predictable credentials on its login form. No source data...
DotNetNuke 5.x < 9.1.1 Remote Code Execution
DotNetNuke CMS versions 5.0.0 to 9.1.0 are affected by an insecure deserialization vulnerability that leads to Remote Code Execution RCE. DotNetNuke uses the DNNPersonalization cookie to store anonymous users personalization options. This cookie is used when the application serves a custom 404...
Okta Jira Authenticator < 3.1.5 Cross-Site Scripting
Okta Jira Authenticator toolkit versions below 3.1.5 suffer from a reflected Cross-Site Scripting XSS vulnerability. By injecting a specific payload in the osusername GET parameter, a remote unauthenticated attacker can execute arbitrary JavaScript code in the browser context of the target...
phpMyAdmin 5.0.x < 5.0.1 SQL Injection
The version of phpMyAdmin installed on the remote host does not correcty deal with malicious sql injected in place of a valid username when creating queries on the user accounts page leading to a SQL injection vulnerability. Note that the scanner has not tested for these issues but has instead...
phpMyAdmin 4.x < 4.8.5 Arbitary File Read
The version of phpMyAdmin installed on the remote host does not correctly block access to LOAD DATA INFILE function leading to an attacker being able to read any file on the filesystem accessible with the web server permissions. Note that the scanner has not tested for these issues but has instea...
Apache Struts 2.x < 2.5.29 Remote Code Execution (S2-062)
The fix issued for CVE-2020-17530 was incomplete. So from Apache Struts 2.0.0 to 2.5.29, still some of the tag's attributes could perform a double evaluation if a developer applied forced OGNL evaluation by using the %... syntax. Using forced OGNL evaluation on untrusted user input can lead to a...
Spring Boot Actuator Detected
This is an informational notice that the scanner was able to detect an accessible Spring Actuator. Actuator endpoints let you monitor and interact with your application. Spring Boot includes a number of built-in endpoints and lets you add your own. For example, the 'health' endpoint provides basi...
Jenkins Stapler < 2.138.4 LTS / 2.154 Remote Code Execution
A code execution vulnerability exists in the Stapler web framework used by Jenkins 2.153 and earlier, LTS 2.138.3 and earlier in stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not...
Basic Authentication Bruteforced
The scanner successfully authenticated on the target web application by using weak credentials in the request basic authentication HTTP header. No source data...
Microsoft Exchange Server Autodiscover Cross-Site Scripting
Microsoft Exchange Server versions 2019 before cumulative update 11, 2016 before cumulative update 22 and 2013 before cumulative update 23 are affected by a cross-site scripting vulnerability through the autodiscover/autodiscover.json endpoint. By crafting a specific URL, an attacker could target...
Virtual JDBC Remote Code Execution
Due to unsafe deserialization used in Virtual JDBC all versions allows an unauthenticated attacker with HTTP access to the service to obtain arbitrary code execution. No source data...