Exploit for CVE-2020-1938

Ghostcat - CVE-2020-1938 Exploit Lee archivos del Tomcat via AJP...

CVE-2026-29129

A flaw was found in Apache Tomcat. This vulnerability occurs when the configured cipher preference order is not preserved. This could allow an attacker to bypass intended security configurations, potentially leading to a weakened security posture or information disclosure. Mitigation Configure...

CVE-2026-25854

A flaw was found in Apache Tomcat. This open redirect vulnerability allows an attacker to redirect a user to an untrusted site. This occurs through the LoadBalancerDrainingValve, which can be exploited to manipulate URL redirection. The primary impact is that users may be unknowingly directed to...

CVE-2021-27184

Pelco Digital Sentry Server 7.18.72.11464 has an XML External Entity vulnerability exploitable via the DTD parameter entities technique, resulting in disclosure and retrieval of arbitrary data on the affected node via an out-of-band OOB attack. The vulnerability is triggered when input passed to...

EUVD-2019-1044

Malware in sbrugna...

CVE-2021-27604

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform Process Integration - Enterprise Service Repository JAVA Mappings, versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note...

foreman: World readable file containing secrets

A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable...

Oracle Linux 8 : mariadb:10.3 (ELSA-2019-3708)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2019-3708 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 5.6....

CVE-2021-26550

An issue was discovered in SmartFoxServer 2.17.0. Cleartext password disclosure can occur via /config/server.xml...

mysql: Server: XML unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

mysql: Server: XML unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

mysql: Server: XML unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

mysql: Server: XML unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

Amazon Linux AMI : mysql57 (ALAS-2019-1297)

A stack-based buffer overflow vulnerability in the 'Server: Packaging cURL' subcomponent could allow an unauthenticated attacker to gain complete control of an affected instance of MySQL Server. CVE-2019-3822 Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML...

MariaDB 10.3.0 < 10.3.17 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is prior to 10.3.17. It is, therefore, affected by multiple vulnerabilities as referenced in the 10.3.17 advisory. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: InnoDB. Supported versions that are affected are 5.7.2...

mysql: Server: XML unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

mysql: Server: XML unspecified vulnerability (CPU Jul 2019)

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

ALPINE-CVE-2019-2740

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

UBUNTU-CVE-2019-2740

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: XML. Supported versions that are affected are 5.6.44 and prior, 5.7.26 and prior and 8.0.16 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to...

Oracle MySQL Server Component Access Control Error Vulnerability (CNVD-2019-26670)

Oracle MySQL is an open source relational database management system from Oracle Corporation, of which MySQL Server is a database server component. A component access control error vulnerability exists in the Server: XML subcomponent of the MySQL Server component of Oracle MySQL, versions 5.6.44...