9 matches found
Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL
Impact Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the authorize call used by the local-file branch. Key evidenc...
PT-2026-51646
Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.1 Description In S3-backed deployments, the system fails to perform authorization checks before generating temporary URLs for signature image retrieval. Authenticated users who possess a signature filename can...
CVE-2022-37774
There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document pdf, email from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL https://url/tmp/M...
The vulnerability of the MinIO object storage server, related to authentication errors, allows attackers to bypass the readOnly policy and compromise the integrity of the protected information.
The vulnerability of the MinIO object storage server is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass the readOnly policy and compromise the integrity of the protected information by creating a temporary URL address “mc share upload”...
Zarafa Collaboration Platform zarafa-autorespond Privilege Gain Vulnerability
Zarafa Collaboration Platform ZCP is a suite of open source email and calendar software from Zarafa, Netherlands. A security vulnerability exists in zarafa-autorespond in versions of ZCP prior to 7.2.1. A local attacker can exploit this vulnerability to gain privileges by performing a symbolic li...
DEBIAN-CVE-2015-5223
OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...
Mirabilis ICQ 2000.0 A Mailclient Temporary Link Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1307/info While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be re-opened by another...
Mirabilis ICQ 2000.0 A - Mailclient Temporary Link
Mirabilis ICQ 2000.0 A - Mailclient Temporary Link source: https://www.securityfocus.com/bid/1307/info While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be...
Mirabilis ICQ 2000.0 A - Mailclient Temporary Link
source: https://www.securityfocus.com/bid/1307/info While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be re-opened by another user, thus giving them full access t...