15 matches found

OSV
added 2026/05/26 11:56 p.m. · 4 views

GHSA-9HX7-C53C-V6X8 Kirby CMS has pre-authentication path traversal and PHP file inclusion during user lookup

TL;DR: This vulnerability affects all Kirby sites on Kirby 5.3.0-5.4.0 and is independent of setup conditions and authentication. This vulnerability is of high severity for all Kirby sites. Introduction: Path traversal is a type of attack that allows access to arbitrary filesystem paths. By...

CVSS 8.8 · AI score 6
Exploits 0 · References 3
OSV
added 2026/03/20 12:31 a.m. · 2 views

GHSA-6HCQ-HMM3-JJ3C Spring MVC and WebFlux has Server Sent Event stream corruption

Spring MVC and WebFlux applications are vulnerable to stream corruption when using Server-Sent Events (SSE). This issue affects Spring Foundation: from 7.0.0 through 7.0.5, from 6.2.0 through 6.2.16, from 6.1.0 through 6.1.25, from 5.3.0 through 5.3.46...

CVSS 2.6 · AI score 5.9 · EPSS 0.00092
Exploits 0 · References 3
EUVD
added 2025/10/07 12:30 a.m. · 1 view

EUVD-2018-3162

Malware in sbrugna...

CVSS 6.1 · AI score 6.3 · EPSS 0.00266
Exploits 0 · References 3
RedhatCVE
added 2025/05/21 8:00 p.m. · 8 views

CVE-2009-1178

Unspecified vulnerability in the server in IBM Tivoli Storage Manager (TSM) 5.3.x before 5.3.2 and 6.x before 6.1 has unknown impact and attack vectors related to the "admin command line."...

CVSS 10 · AI score 6.7 · EPSS 0.01088
Exploits 0 · References 1
ATTACKERKB
added 2024/02/28 10:15 p.m. · 0 views

CVE-2023-45859

In Hazelcast through 4.1.10, 4.2 through 4.2.8, 5.0 through 5.0.5, 5.1 through 5.1.7, 5.2 through 5.2.4, and 5.3 through 5.3.2, some client operations don't check permissions properly, allowing authenticated users to access data stored in the cluster...

CVSS 7.6 · AI score 7.1 · EPSS 0.0017
Exploits 0 · References 3
Cvelist
added 2022/07/15 12:30 p.m. · 22 views

CVE-2022-31107 Grafana account takeover via OAuth vulnerability

Grafana is an open-source platform for monitoring and observability. In versions 5.3 until 9.0.3, 8.5.9, 8.4.10, and 8.3.10, it is possible for a malicious user who has authorization to log into a Grafana instance via a configured OAuth IdP which provides a login name to take over the account of...

CVSS 7.1 · AI score 7.6 · EPSS 0.00941
Exploits 0 · References 5
CNVD
added 2020/08/28 12:00 a.m. · 1 view

EyesOfNetwork Cross-Site Scripting Vulnerability (CNVD-2020-49946)

EyesOfNetwork (EON) is an open source, free IT monitoring solution. The solution provides business process configuration tools, generates pop-up windows when events occur in the active queue, and more. eonweb is one of the web interfaces. A cross-site scripting vulnerability exists in EyesOfNetwork...

CVSS 6.1 · AI score 6.4 · EPSS 0.00391
Exploits 0 · References 1
OSV
added 2018/06/29 3:29 p.m. · 0 views

CVE-2018-8901

An issue was discovered in Ivanti Avalanche for all versions between 5.3 and 6.2. A local user with database access privileges can read the encrypted passwords for users who authenticate via LDAP to Avalanche services. These passwords are stored in the Avalanche databases. This issue only affects...

CVSS 7.8 · AI score 5.8
Exploits 0 · References 1
IBM Security Bulletins
added 2018/06/25 5:54 a.m. · 19 views

Security Bulletin: Various IBM WebSphere MQ Installers are susceptible to DLL-planting vulnerabilities (CVE-2016-2542 & CVE-2016-4560)

Summary: Various IBM WebSphere MQ graphical user interface installers are susceptible to a DLL-planting vulnerability where a malicious DLL that is present in the Windows search path could be loaded by the operating system in place of the genuine file. The vulnerability affects Windows executabl...

CVSS 7.8 · AI score 1.6 · EPSS 0.00185
Exploits 1 · Affected Software 1
IBM Security Bulletins
added 2018/06/18 1:43 a.m. · 30 views

Security Bulletin: Vulnerability in OpenSSL affects AIX (CVE-2018-0739)

Summary: There is a vulnerability in OpenSSL used by AIX. Vulnerability Details: CVEID: CVE-2018-0739. DESCRIPTION: Constructed ASN.1 types with a recursive definition such as can be found in PKCS7 could eventually exceed the stack given malicious input with excessive recursion. This could result in...

CVSS 6.5 · AI score 0.9 · EPSS 0.14445
Exploits 0 · Affected Software 1
CNVD
added 2018/05/21 12:00 a.m. · 3 views

ILIAS Cross-Site Scripting Vulnerability (CNVD-2018-10348)

ILIAS is a Web-based learning management system developed by the ILIAS team. The system contains modules for course management, file sharing, and live chat. ILIAS version 5.3.x before 5.3.4 and version 5.2.x have Services/Form/classes/class.ilDateDurationInputGUI.php and...

CVSS 6.1 · AI score 6.2 · EPSS 0.00284
Exploits 0 · References 1
securityvulns
added 2011/02/14 12:00 a.m. · 52 views

ESA-2011-004: EMC Replication Manager remote code execution vulnerability

EMC Identifier: ESA-2011-004. CVE Identifier: CVE-2011-0647. Severity Rating: CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C). Affected products: EMC Replication Manager earlier...

CVSS 10 · AI score 1.4 · EPSS 0.77518
Exploits 5
Positive Technologies
added 2009/11/23 12:00 a.m. · 1 view

PT-2009-5845 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP versions 5.3.x before 5.3.1. Description: The issue in PHP does not recognize the safe mode include dir directive, which allows context-dependent attackers to have an unknown impact by triggering the failure of PHP scripts that perform...

CVSS 7.5 · AI score 4.8 · EPSS 0.02913
Exploits 0 · References 13
0day.today
added 2001/05/08 12:00 a.m. · 19 views

IRIX (5.3/6.2/6.3/6.4/6.5/6.5.11) /usr/lib/print/netprint Local Exploit

Exploit for irix platform in category local exploits. !/bin/sh copyright LAST STAGE ...

AI score 6.8
Exploits 0
Positive Technologies
added 1999/12/31 12:00 a.m. · 2 views

PT-1999-1646 · Dec · Openvms

Name of the Vulnerable Software and Affected Versions: Open VMS versions 5.3 through 5.5-2. Description: The issue allows attackers to conduct brute force password guessing due to improper disabling of access to user accounts that exceed the break-in limit threshold for failed login attempts. This...

CVSS 9.8 · AI score 9.5 · EPSS 0.00747
Exploits 0 · References 4