6 matches found
PT-2023-18607 · F5 · F5Os-A +1
Name of the Vulnerable Software and Affected Versions: F5OS-A versions 1.2.0 through 1.2.x F5OS-C versions 1.3.0 through 1.4.x Description: The issue allows for command injection when processing F5OS tenant file names. This may potentially lead to unauthorized access or control. No information is...
Spring Cloud Config 2.1.x - Path Traversal (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Spring Cloud Config Server Directory Traversal', 'Description' = %q This module exploits an unauthenticated directory traversal vulnerability whi...
Cross site scripting
Cross-site scripting XSS vulnerability in Apache Wicket 1.4.x before 1.4.22, 1.5.x before 1.5.10, and 6.x before 6.4.0 might allow remote attackers to inject arbitrary web script or HTML via vectors related to tags in a rendered response...
CVE-2013-4351
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared no usage permitted as if it has all bits set all usage permitted, which might allow remote attackers to bypass intended cryptographic protection mechanisms by leveraging the subkey...
DEBIAN-CVE-2012-0041
The dissectpacket function in epan/packet.c in Wireshark 1.4.x before 1.4.11 and 1.6.x before 1.6.5 allows remote attackers to cause a denial of service application crash via a long packet in a capture file, as demonstrated by an airopeek file...
CVE-2011-1957
The dissectdcmmain function in epan/dissectors/packet-dcm.c in the DICOM dissector in Wireshark 1.2.x before 1.2.17 and 1.4.x before 1.4.7 allows remote attackers to cause a denial of service infinite loop via an invalid PDU length...