CVE-2024-31136

In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter...

Directory traversal

Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special...

CVE-2021-43800 Asset directory traversal with some storage modules on Windows

Wiki.js is a wiki app built on Node.js. Prior to version 2.5.254, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled on a Windows host. A malicious user can potentially read any file on the file system by crafting a special...

X-STREAM enhanced XEGP Authorization Issues Vulnerability

The Emerson Rosemount X-STREAM Gas Analyzer is an Emerson gas analyzer for industrial environments. The device supports up to five component gas analyzers and features NDIR/UV/VIS photometry, paramagnetic and electrochemical O2, thermal conductivity and humidity sensors. X-STREAM enhanced XEGP Al...

CVE-2020-15236

In Wiki.js before version 2.5.151, directory traversal outside of Wiki.js context is possible when a storage module with local asset cache fetching is enabled. A malicious user can potentially read any file on the file system by crafting a special URL that allows for directory traversal. This is...

Information disclosure

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL...

CVE-2016-8271

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL...

CVE-2016-8271

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL...

CVE-2016-8271

Huawei eSpace IAD V300R002C01SPC100 and earlier versions have an information leak vulnerability; an attacker can check and download the fault information by accessing a special URL...

McAfee Data Loss Prevention Endpoint EPO Extended Information Disclosure Vulnerability

McAfee Data Loss Prevention Endpoint DLPe is an integrated endpoint data protection solution from the U.S. company McAfee McAfee. A security vulnerability in the McAfee Data Loss Prevention Endpoint DLPe epo extension allows remote attackers to submit a special URL request to obtain sensitive...

XSS Vulnerability in MediaElement.js - ownCloud

A cross-site scripting XSS vulnerability in all ownCloud versions prior to 5.0.5 including the 4.5.x branch allows remote attackers to execute arbitrary javascript when a user opens a special crafted URL. This vulnerability exists in the bundled 3rdparty plugin "MediaElement.js", "MediaElement.js...

Proviso SiteKiosk File Download Vulnerability

Proviso SiteKiosk File Download Vulnerability x Vendor Information: "SiteKiosk is a software for public access internet terminals and lets you turn any computer into a secure multilanguage Internet terminal already 20 different languages included, allowing the user to access the Internet but...