56 matches found
curl: CVE-2025-14524: bearer token leak on cross-protocol redirect
Summary: A vulnerability exists in libcurl regarding the handling of OAuth2 Bearer tokens CURLOPTXOAUTH2BEARER during HTTP redirects. While libcurl correctly clears standard authentication credentials CURLOPTUSERPWD when following a redirect to a different host, port, or protocol a security...
PT-2025-46206
Name of the Vulnerable Software and Affected Versions Parse Server versions prior to 8.5.0-alpha.5 Description Parse Server, an open-source backend deployable on Node.js infrastructures, allows any client to execute MongoDB explain queries without requiring the master key. The explain method...
EUVD-2015-4221
Malware in sbrugna...
CVE-2015-7342
JNews Joomla Component before 8.5.0 allows SQL injection via upload thumbnail, Queue Search Field, Subscribers Search Field, or Newsletters Search Field...
Microsoft Azure CycleCloud 访问控制错误漏洞
Microsoft Azure CycleCloud is a suite of enterprise-friendly tools from Microsoft Corporation USA for orchestrating and managing high-performance computing HPC environments on Azure. An access control error vulnerability exists in Microsoft Azure CycleCloud. An attacker exploiting this...
Apache Tomcat 8.5.0 < 8.5.12
The version of Tomcat installed on the remote host is prior to 8.5.12. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.12security-8 advisory. - While investigating bug 60718, it was noticed that some calls to application listeners in Apache Tomcat 9.0.0.M...
Apache Tomcat 8.5.0 < 8.5.38
The version of Tomcat installed on the remote host is prior to 8.5.38. It is, therefore, affected by a vulnerability as referenced in the fixedinapachetomcat8.5.38security-8 advisory. - The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.14 and 8.5.0 to 8.5.37 accepted streams with excessi...
Apache Tomcat 8.5.0 < 8.5.64 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.64. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.64security-8 advisory. - Apache Tomcat 8.5.0 to 8.5.63, 9.0.0-M1 to 9.0.43 and 10.0.0-M1 to 10.0.2 did not properly validate...
Apache Tomcat Multiple DoS Vulnerabilities (Mar 2024) - Linux
Apache Tomcat is prone to multiple denial of service DoS vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Apache Tomcat 8.5.0 < 8.5.99 multiple vulnerabilities
The version of Tomcat installed on the remote host is prior to 8.5.99. It is, therefore, affected by multiple vulnerabilities as referenced in the fixedinapachetomcat8.5.99security-8 advisory. - Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket...
Security Bulletin: Multiple vulnerabilities in IBM Java Runtime affect Content Manager Enterprise Edition 8.5.0 (CVE-2016-3449, CVE-2016-0264)
Summary There are multiple vulnerabilities in IBM® Runtime Environment Java™ Version 7 that is used by Content Manager Enterprise Edition. These issues were disclosed as part of the IBM Java SDK updates in April 2016. Vulnerability Details If you run your own Java code using the IBM Java Runtime...
Atlassian Confluence SSTI Injection
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Atlassian Confluence SSTI Injection', 'Description' = %q This module exploits an SSTI injection in Atlassian Confluence servers. A specially...
Atlassian Confluence SSTI Injection
This module exploits an SSTI injection in Atlassian Confluence servers. A specially crafted HTTP request uses the injection to evaluate an OGNL expression resulting in OS command execution. Versions 8.5.0 through 8.5.3 and 8.0 to 8.4 are known to be vulnerable. Module Options msf use...
Oracle Linux 8 : tomcat (ELSA-2024-0125)
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0125 advisory. - Open Redirect vulnerability in FORM authentication CVE-2023-41080 - FileUpload: DoS due to accumulation of temporary files on Windows CVE-2023-42794 ...
Atlassian Confluence Unauthenticated Remote Code Execution
This module exploits an improper input validation issue in Atlassian Confluence, allowing arbitrary HTTP parameters to be translated into getter/setter sequences via the XWorks2 middleware and in turn allows for Java objects to be modified at run time. The exploit will create a new administrator...
CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...
CVE-2023-42795
Incomplete Cleanup vulnerability in Apache Tomcat.When recycling various internal objects in Apache Tomcat from 11.0.0-M1 through 11.0.0-M11, from 10.1.0-M1 through 10.1.13, from 9.0.0-M1 through 9.0.80 and from 8.5.0 through 8.5.93, an error could cause Tomcat to skip some parts of the recycling...
CVE-2023-34985
A improper neutralization of special elements used in an os command 'os command injection' in Fortinet FortiWLM version 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4 allows attacker to execute unauthorized code or commands via specifically crafted HTTP get request parameters...
PT-2023-6145 · Fortinet · Fortiwlm
Name of the Vulnerable Software and Affected Versions: Fortinet FortiWLM versions 8.5.0 through 8.5.4 Fortinet FortiWLM versions 8.6.0 through 8.6.5 Description: The issue exists due to improper neutralization of special elements used in an operating system command, allowing for os command...
CVE-2023-41080
URL Redirection to Untrusted Site 'Open Redirect' vulnerability in FORM authentication feature Apache Tomcat.This issue affects Apache Tomcat: from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.0.12, from 9.0.0-M1 through 9.0.79 and from 8.5.0 through 8.5.92. Older, EOL versions may als...