Lucene search
K

9 matches found

Github Security Blog
Github Security Blog
added 2026/06/23 11:11 p.m.12 views

Snipe-IT's S3 signature image retrieval lacks authorization before temporary URL

Impact Snipe-IT S3 signature image retrieval lacks authorization before temporary URL. On S3-backed deployments, authenticated users who know a signature filename can obtain a 5-minute signed S3 URL because the S3 branch returns before the authorize call used by the local-file branch. Key evidenc...

5.3CVSS5.8AI score0.00281EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/23 12:0 a.m.8 views

PT-2026-51646

Name of the Vulnerable Software and Affected Versions Snipe-IT versions prior to 8.6.1 Description In S3-backed deployments, the system fails to perform authorization checks before generating temporary URLs for signature image retrieval. Authenticated users who possess a signature filename can...

5.3CVSS5.9AI score0.00281EPSS
Exploits0References9
OSV
OSV
added 2022/11/23 12:15 a.m.4 views

CVE-2022-37774

There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. When accessing some specific document pdf, email from an archive, a preview is proposed by the application. This preview generates a URL including an md5 hash of the file accessed. The document's URL https://url/tmp/M...

5.3CVSS5.8AI score0.00516EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2021/07/06 12:0 a.m.8 views

The vulnerability of the MinIO object storage server, related to authentication errors, allows attackers to bypass the readOnly policy and compromise the integrity of the protected information.

The vulnerability of the MinIO object storage server is related to authentication errors. Exploiting this vulnerability allows a malicious actor to bypass the readOnly policy and compromise the integrity of the protected information by creating a temporary URL address “mc share upload”...

7.7CVSS6.8AI score0.01321EPSS
Exploits1References6Affected Software2
CNVD
CNVD
added 2016/01/13 12:0 a.m.5 views

Zarafa Collaboration Platform zarafa-autorespond Privilege Gain Vulnerability

Zarafa Collaboration Platform ZCP is a suite of open source email and calendar software from Zarafa, Netherlands. A security vulnerability exists in zarafa-autorespond in versions of ZCP prior to 7.2.1. A local attacker can exploit this vulnerability to gain privileges by performing a symbolic li...

8.4CVSS6.9AI score0.00435EPSS
Exploits0References1
OSV
OSV
added 2015/10/26 5:59 p.m.3 views

DEBIAN-CVE-2015-5223

OpenStack Object Storage Swift before 2.4.0 allows attackers to obtain sensitive information via a PUT tempurl and a DLO object manifest that references an object in another container...

5CVSS7AI score0.02583EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.21 views

Mirabilis ICQ 2000.0 A Mailclient Temporary Link Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1307/info While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be re-opened by another...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2000/06/06 12:0 a.m.10 views

Mirabilis ICQ 2000.0 A - Mailclient Temporary Link

Mirabilis ICQ 2000.0 A - Mailclient Temporary Link source: https://www.securityfocus.com/bid/1307/info While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be...

Exploits0
Exploit DB
Exploit DB
added 2000/06/06 12:0 a.m.29 views

Mirabilis ICQ 2000.0 A - Mailclient Temporary Link

source: https://www.securityfocus.com/bid/1307/info While using ICQmailclient, the user creates a temporary internet link created in a default temporary directory, which remains even after the user signs out or closes ICQ. This link may be re-opened by another user, thus giving them full access t...

7AI score
Exploits0
Rows per page
Query Builder