17 matches found
Advanced Custom Fields Pro for WordPress 6.0.x < 6.1.6 Cross-Site Scripting
The WordPress Advanced Custom Fields Pro Plugin installed on the remote host is affected by a Cross-Site Scripting vulnerability. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...
Design/Logic Flaw
An unverified password change in Fortinet FortiADC version 6.2.0 through 6.2.3, 6.1.x, 6.0.x, 5.x.x allows an authenticated attacker to bypass the Old Password check in the password change form via a crafted HTTP request...
Atlassian Confluence 6.1.x < 6.6.16 Local File Disclosure
According to its self-reported version number, the Atlassian Confluence application running on the remote host is 6.1.x /confluence/WEB-INF/ directory and its subdirectories. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported...
EMC RSA Archer 6.1.x, 6.2.x, 6.3.x < 6.3.0.7 and 6.4.x < 6.4.0.1 SQL Injection Vulnerability
The version of EMC RSA Archer running on the remote web server is 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 or 6.4.x prior to 6.4.0.1. It is, therefore, affected by a SQL injection vulnerability. See advisory for details. (C) Tenable Network Security, Inc...
CVE-2018-11065
The WorkPoint component, which is embedded in all RSA Archer, versions 6.1.x, 6.2.x, 6.3.x prior to 6.3.0.7 and 6.4.x prior to 6.4.0.1, contains a SQL injection vulnerability. A malicious user could potentially exploit this vulnerability to execute SQL commands on the back-end database to read...
Atlassian Bamboo 6.1.x < 6.1.6 / 6.2.x < 6.2.5 Incorrect Permission Check RCE
According to its self-reported version number, the instance of Atlassian Bamboo running on the remote host is 6.1.x prior to 6.1.6 or 6.2.x prior to 6.2.5. It is, therefore, affected by multiple remote code execution vulnerabilities. (C) Tenable Network Security, Inc...
Palo Alto Networks PAN-OS 6.1.x < 6.1.17 / 7.0.x < 7.0.15 / 7.1.x < 7.1.10 / 8.0.x < 8.0.2 Multiple Vulnerabilities
The version of Palo Alto Networks PAN-OS running on the remote host is 6.1.x prior to 6.1.17, 7.0.x prior to 7.0.15, 7.1.x prior to 7.1.10, or 8.0.x prior to 8.0.2. It is, therefore, affected by multiple vulnerabilities: - A flaw exists in the GNU wget component when handling server redirects to...
Airwatch 6.1.x / 6.4.x LDAP Injection
https://www.osisecurity.com.au/airwatch-self-service-portal-username-parameter-ldap-injection.html Date: 04-Apr-2017 Product: AirWatch Self Service MDM Versions affected: v6.1.x v6.4.x Vulnerability: LDAP injection Example: https://target/DeviceManagement/ URL accepts the following POST parameter...
CVE-2017-3822
A vulnerability in the logging subsystem of the Cisco Firepower Threat Defense (FTD) Firepower Device Manager (FDM) could allow an unauthenticated, remote attacker to add arbitrary entries to the audit log. This vulnerability affects Cisco Firepower Threat Defense Software versions 6.1.x on the...
Splunk Enterprise Python Vulnerabilities (SP-CAAAPSR)
Splunk Enterprise is prone to multiple vulnerabilities in Python. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk";...
Splunk 6.1.x < 6.1.3 XSS Vulnerability - Active Check
Splunk is prone to a cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:splunk:splunk";...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Content Editing Wizards in TYPO3 4.5.x before 4.5.32, 4.7.x before 4.7.17, 6.0.x before 6.0.12, 6.1.x before 6.1.7, and the development versions of 6.2 allow remote authenticated users to inject arbitrary web script or HTML via unspecified...
Design/Logic Flaw
IBM WebSphere Application Server (WAS) 6.1.x before 6.1.0.45, 7.0.x before 7.0.0.25, 8.0.x before 8.0.0.5, and 8.5.x Full Profile before 8.5.0.1, when the PM44303 fix is installed, does not properly validate credentials, which allows remote authenticated users to obtain administrative access via...
IBM WebSphere Application Server Hash Collisions DoS Vulnerability (Jan 2012)
IBM WebSphere Application Server is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
IBM WebSphere Application Server WS-Security XML Encryption Weakness Vulnerability (May 2011)
IBM WebSphere Application Server is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Null pointer dereference
IBM solidDB 4.5.x before 4.5.182, 6.0.x before 6.0.1069, 6.1.x and 6.3.x before 6.3 FP8 (aka 6.3.49), and 6.5.x before 6.5 FP4 (aka 6.5.0.4) does not properly handle the (1) rpctestsvcreadwrite and (2) rpctestsvcdone commands, which allows remote attackers to cause a denial of service (NULL pointer...
IBM WebSphere Application Server 6.1.x < 6.1.0.35, 7.x < 7.0.0.15 Multiple Vulnerabilities
IBM WebSphere Application Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...