GHSA-Q874-G24W-4Q9G vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server...
GHSA-82V2-F875-73G9 Wildfly Authorization Misconfiguration
A flaw was found in wildfly-core before 7.2.5.GA. The Management users with Monitor, Auditor and Deployer Roles should not be allowed to modify the runtime state of the server...
phpMyAdmin SSRF in replication
phpMyAdmin 4.0, 4.4 and 4.6 are vulnerable to a weakness where a user with appropriate permissions is able to connect to an arbitrary MySQL server...
KLA12527 Elevation of privilege vulnerability in Microsoft Server Software
An elevation of privilege vulnerability was found in Microsoft Server Software. Malicious users can exploit this vulnerability to gain privileges. Original advisories: CVE-2022-21978. Related products: Microsoft-Exchange-Server. CVE list: CVE-2022-21978 (critical). KB list: 5014261, 5014260. Solution: Install...
CVE-2022-24888 Possible Injection in Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Prior to versions 20.0.14.4, 21.0.8, 22.2.4, and 23.0.1, it is possible to create files and folders that have leading and trailing \n, \r, \t, and \v characters. The server rejects files and folders...
WSVuls - Website Vulnerability Scanner Detect Issues (Outdated Server Software And Insecure HTTP Headers)
WSVuls is a website vulnerability scanner that detects issues such as outdated server software and insecure HTTP headers. What's WSVuls? WSVuls is a simple and powerful command line tool for Linux, Windows and macOS. It's designed for developers/testers and for those workers in IT who want to test vulnerabilities a...
KLA12342 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to perform cross-site scripting attacks, execute arbitrary code, and spoof the user interface. Below is a complete list of vulnerabilities: 1. A spoofing vulnerability in Microsoft Exchange...
KLA12314 Multiple vulnerabilities in Microsoft Server Software
Multiple vulnerabilities were found in Microsoft Server Software. Malicious users can exploit these vulnerabilities to gain privileges, spoof the user interface, execute arbitrary code, and cause denial of service. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerability in...
ManageEngine ADSelfService Plus has been abused in the wild due to a zero-day vulnerability
THREAT LEVEL: Red. An APT actor is attempting to exploit a zero-day vulnerability in ManageEngine ADSelfService Plus, a self-service password management and single sign-on solution that poses a high risk to critical infrastructure companies,...
CVE-2021-40385
An issue was discovered in the server software in Kaseya Unitrends Backup Software before 10.5.5-2. There is a privilege escalation from read-only user to admin...
NCH Quorum Cross-Site Scripting Vulnerability
NCH Quorum is teleconference server software. It can turn any computer into a conference call server. A cross-site scripting vulnerability exists in NCH Quorum, which stems from the failure of the product's /conferencebrowseuploadfile?confid= to properly handle user input data and can be exploited to...
DLA-2710-2 rabbitmq-server - regression update
Bulletin has no description...
SUSE-SU-2021:2147-1 Security update for freeradius-server
This update for freeradius-server fixes the following issues: Fixed plaintext password entries in logfiles (bsc#1184016)...
SUSE: Security Advisory (SUSE-SU-2012:0706-1)
The remote host is missing an update for the...
What Is Slowloris DDoS Attack? Mitigation methods
Slowloris is a DDoS attack software created by Robert “RSnake” Hansen. The software allows a single computer to take on a web server. The attack’s simple but elegant nature means it does not require much bandwidth to carry out its attack on the server of the target webserver with minimal or no si...
CVE-2021-1221
The CVE-2021-1221 issue affects Cisco Webex Meetings and Webex Meetings Server UI. It arises from insufficient input validation that lets an authenticated, remote attacker inject a hyperlink into a meeting invitation email by entering a URL into a UI field. A successful exploit could generate an ...
SQL Injection Vulnerability in frontend of wise on-demand server software
wise on-demand server software is server-side distribution software that provides streaming playback of audio and video files. A SQL injection vulnerability exists in the frontend of the sewise VOD server software. An attacker can exploit the vulnerability to obtain sensitive database information...
HPE iLO Amplifier Pack server Remote Code Execution Vulnerability
HPE iLO Amplifier Pack is a database management software for use in clustered environments from HPE, USA. The software supports Gen8, Gen9 and Gen10 Hewlett Packard Enterprise automatic update of firmware, drivers, support for manual or automatic recovery of firmware damage to the system, maximiz...