EUVD-2024-53538
Malicious code in bioql PyPI...
CVE-2024-57177
A host header injection vulnerability exists in the NPM package of perfood/couch-auth = 0.21.2. By sending a specially crafted host header in the email change confirmation request, it is possible to trigger an SSTI which can be leveraged to run limited commands or leak server-side information...
CVE-2023-20272
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this...
Input validation
A vulnerability in the web-based management interface of Cisco Identity Services Engine could allow an authenticated, remote attacker to upload malicious files to the web root of the application. This vulnerability is due to insufficient file input validation. An attacker could exploit this...
PT-2023-7110 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (affected versions not specified). Description: The issue is related to insufficient file input validation in the web-based management interface, allowing an authenticated, remote attacker to upload malicious files...
Exposure of Sensitive Information to an Unauthorized Actor in blair2004/nexopos-4x
Description: Unhandled exception leads to exposure of server-side and SQL query information. Proof of Concept: 1. Go to demo page http://v4.nexopos.com and log in using demo account. 2. Go to Customer - Create coupon and try to create a coupon without entering coupon code (leave it empty). 3. See that t...
Horde and IMP test disclosure
The remote server is running Horde and/or IMP with test scripts available from the outside. The scripts may leak server-side information that is valuable to an attacker. OpenVAS Vulnerability Test $Id: hordetestdisclosure.nasl 6056 2017-05-02 09:02:50Z teissa $ Description: Horde and IMP test...
Horde Information Disclosure Vulnerability (Nov 2005) - Active Check
Horde is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2004 Sverre H. Huseby. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Horde test.php Direct Request Information Disclosure
The remote server is running Horde or a related project along with one or more test scripts. These scripts may leak server-side information that is valuable to an attacker. %NASL_MIN_LEVEL 70300. This script was written by Sverre H. Huseby. See the Nessus Scripts License for details. Changes by Tenabl...