50 matches found
Fortra GoAnywhere MFT Path Traversal Vulnerability
Fortra GoAnywhere MFT is a secure file transfer solution from Fortra USA. A security vulnerability exists in Fortra GoAnywhere MFT prior to version 7.4.2, which stems from the presence of a path traversal vulnerability that allows an attacker to bypass privilege checks on specific endpoints...
PT-2024-20789 · Unknown · Goanywhere Mft
Name of the Vulnerable Software and Affected Versions: GoAnywhere MFT versions prior to 7.4.2. Description: A path traversal issue exists, allowing attackers to circumvent endpoint-specific permission checks in the GoAnywhere Admin and Web Clients. Recommendations: For versions prior to 7.4.2,...
Fortinet FortiOS Privilege Escalation (FG-IR-23-315)
The version of FortiOS installed on the remote host is prior to the tested version. It is, therefore, affected by an improper privilege management vulnerability (CWE-269) in a FortiOS & FortiProxy HA cluster that may allow an authenticated attacker to perform elevated actions via crafted HTTP or HTTPS...
WordPress Plugin LifterLMS Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL. WordPress plugin i...
CVE-2022-43492 WordPress Comments – wpDiscuz plugin 7.4.2 - Auth. Insecure Direct Object References (IDOR) vulnerability
Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress...
Design/Logic Flaw
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
CVE-2022-31156
CVE-2022-31156: Gradle’s dependency verification can skip checksum verification when signature verification cannot be performed. Affected versions: 6.2–7.4.2. If verification metadata contains only a gpg element (no checksum) or if there is no signature file on the remote repo, Gradle may accept...
CVE-2022-31156 Gradle's dependency verification can ignore checksum verification when signature verification cannot be performed
Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...
CVE-2022-1068
Modbus Tools Modbus Slave versions 7.4.2 and prior are vulnerable to a stack-based buffer overflow in the registration field. This may cause the program to crash when a long character string is used...
Grafana < 7.4.2 DoS Vulnerability
Grafana is prone to a denial of service (DoS) vulnerability.
Server side request forgery (ssrf)
IBM QRadar SIEM 7.4.2 GA to 7.4.2 Patch 1, 7.4.0 to 7.4.1 Patch 1, and 7.3.0 to 7.3.3 Patch 5 are vulnerable to server side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other...
CVE-2020-14175
Affected versions of Atlassian Confluence Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in user macro parameters. The affected versions are before version 7.4.2, and from version 7.5.0 before 7.5.2...
PT-2020-19365 · Php +1 · Php +1
Name of the Vulnerable Software and Affected Versions: PHP versions 7.3.x through 7.3.14; PHP versions 7.4.x through 7.4.2. Description: The issue arises when extracting PHAR files on Windows using the phar extension. Certain content inside a PHAR file could lead to a one-byte read past the allocat...
LogicalDOC Enterprise 7.7.4 - Directory Traversal Vulnerability
Exploit for java platform in category web applications LogicalDOC Enterprise 7.7.4 Multiple Directory Traversal Vulnerabilities Vendor: LogicalDOC Srl Product web page: https://www.logicaldoc.com Affected version: 7.7.4 7.7.3 7.7.2 7.7.1 7.6.4 7.6.2 7.5.1 7.4.2 7.1.1 Summary: LogicalDOC is a free...
Cross site scripting
The issue search resource in Atlassian Jira before version 7.4.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the orderby parameter...
Open-Xchange (OX) App Suite Multiple Cross Site Scripting Vulnerabilities (Jun 2017)
Open-Xchange (OX) App Suite is prone to multiple cross-site scripting (XSS) vulnerabilities.
CVE-2015-1588
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange Server 6 and OX AppSuite before 7.4.2-rev43, 7.6.0-rev38, and 7.6.1-rev21...
NetIQ Sentinel Server Authentication Bypass and Arbitrary File Download
A vulnerability was discovered in NetIQ Sentinel Server that may allow remote attackers to disclose arbitrary file contents.
Open-Xchange (OX) App Suite Email Subject Cross Site Scripting Vulnerability
OpenX is prone to a cross-site scripting (XSS) vulnerability.