143 matches found
Ivanti Connect Secure 9.x / 22.x Authentication Bypass
Ivanti Connect Secure 9.x, 22.x suffers from an authentication bypass vulnerability. By crafting a specific HTTP request, a remote and unauthenticated attacker could exploit this vulnerability to bypass authentication and authorization requirements. No source data...
Atlassian Confluence 7.13.x < 7.19.17 Remote Code Execution
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.x prior to 7.19.17, 8.x prior to 8.5.5 or 8.6.x prior to 8.7.2. It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for thes...
Atlassian Confluence 8.x < 8.5.5 Remote Code Execution
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.x prior to 7.19.17, 8.x prior to 8.5.5 or 8.6.x prior to 8.7.2. It is, therefore, affected by a remote code execution vulnerability. Note that the scanner has not tested for thes...
JavaScript Source Map Detected
Developers often combine and minify their application JavaScript sources to help the server delivering it more efficiently to the client browsers. Sometimes, web applications JavaScript code may also be transpiled from another language like CoffeeScript of TypeScript. A source map is a file that...
SAP NetWeaver KW Reflected Cross-Site Scripting
A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. No source data...
Apache Tomcat 11.0.0-M1 < 11.0.0-M11 Open Redirect
The version of Apache Tomcat installed on the remote host is 8.5.0 to 8.5.92, 9.0.0-M1 to 9.0.79, 10.1.0-M1 to 10.1.12 or 11.0.0-M1 to 11.0.0-M10. If the ROOT default web application is configured to use FORM authentication then it is possible that a specially crafted URL could be used to trigger...
MediaWiki < 1.17.2 Deleted Text Exposure
According to its self-reported version number, the instance of MediaWiki hosted on the remote web server is prior to 1.17.2 or 1.18.x prior to 1.18.1. It is, therefore, affected by a flaw which may allow remote attackers to view deleted text via the prop=revisions parameter. Note that the scanner...
Atlassian Confluence 7.14.0 < 7.19.8 < Remote Code Execution
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.1.0 prior to 7.13.20, 6.1.0 prior to 7.19.8 or 6.1.0 prior to 8.2.0. It is, therefore, affected by a Remote Code Execution flaw which permits remote attackers to execute arbitary co...
GeoServer SQL Injection
The GeoServer instance installed on the remote host is affected by a SQL injection vulnerability due to improper sanitization through an OGC Common Query Language query. No source data...
Pprof Debug Files Detected
Pprof is a tool for visualization and analysis of profiling data. Output files may be located inside a hidden directory named debug/pprof/ & When exposed with the web application configuration, the files contained in this directory may expose sensitive information such as internal memory addresse...
WP Show Posts Plugin for WordPress < 1.1.4 Cross-Site Scripting
The WordPress WP Show Posts Plugin installed on the remote host is affected by a cross-site scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Qwik < 0.21.0 Code Injection
Qwik in version 0.21.0 provides an extended serialization mechanism for exchanging data between the client and server. Through a specially crafted request on the endpoint /q-data.json, an unauthenticated attacker is able to inject code and execute arbitrary commands No source data...
Apache Tomcat 8.5.x < 8.5.86 Information Disclosure
The version of Apache Tomcat installed on the remote host is 8.5.x prior to 8.5.86, 9.0.0-M1 prior to 9.0.72, 10.1.0-M1 prior to 10.1.6 or 11.0.0-M1 prior to 11.0.0-M3. It is, therefore, affected by an information disclosure due to the RemoteIpFilter. Note that the scanner has not attempted to...
Atlassian Jira < 7.6.0 Xss In SearchRequest.xml Resource
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 7.6.0. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting XSS vulnerability through...
Atlassian Jira < 5.0.1 Arbitrary File Reads
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 5.0.1. It does, therefore, not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to read arbitrary files or cause a denial of servic...
Atlassian Jira < 8.5.4 Dos Through Gadget API
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 8.5.4 or 8.6.0 prior to 8.6.1. It is, therefore, affected by a vulnerability which permits remote attackers to make Jira unresponsive via repeated requests to a certai...
Atlassian Jira < 8.9.0 Improper Authorization In Project Administration
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.9.0. It is, therefore, affected by a vulnerability which permits remote attackers to obtain information about custom project avatars via an improper authorization...
Atlassian Confluence 7.13.9 < 7.13.12 Embedded Spring-Beans Denial Of Service
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 7.13.9 prior to 7.13.12, 7.19.0 prior to 7.19.3. It is, therefore, affected by a Denial of Service DoS attack vulnerability when relying on attacker controlled data binding to set a...
Atlassian Jira 8.6.x < 8.8.2 WYSIWYG Editor Cross-Site Scripting
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to 8.5.9 or 8.6.x prior to 8.8.2. It is, therefore, affected by a vulnerability which permits remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting X...
Nginx Cloud Storage HTTP Splitting
The scanner has detected that the Nginx configuration has a directive location specified to query a cloud storage instance. However, it is possible to insert an arbitrary payload containing a line break, which allows a malicious attacker to change the cloud storage instance to be queried. It is...