CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

Source: nessus

Web Cache Poisoning Denial of Service

A caching system has been detected on the application and is vulnerable to web cache poisoning. By manipulating specific unkeyed inputs (headers or cookies that are not included when generating the cache key) it was possible to force the caching system to cache a response that contains...

AI Score: 6.9

2023-08-30 12:00 AM
11

Source: nessus

N-able N-central Web Interface Detection

The web interface for N-able N-central was detected on the remote...

AI Score: 7.5

2024-01-10 12:00 AM
5

Source: nessus

Oracle WebLogic Web Services Test Client Detection

Oracle WebLogic Web services test client was detected on the remote...

AI Score: 1.3

2019-01-28 12:00 AM
11

Source: cvelist

CVSS: 7.5 | AI Score: 8.2 | EPSS: 0.001

2022-10-11 12:00 AM

Source: nessus

QNAP QTS/QES/QuTS hero - Web Detection

Detects the web interface for QNAP QTS/QES/QuTS hero on the remote...

AI Score: 0.8

2021-11-29 12:00 AM
24

Source: nessus

SAP BusinessObjects Business Intelligence Platform Web Detection

SAP BusinessObjects Business Intelligence Platform web interface detected on remote...

AI Score: 0.8

2021-02-08 12:00 AM
13

Source: nessus

D-Link DIR Router Web Interface Detection

Nessus was able to detect the web interface for a D-Link DIR router on the remote...

AI Score: 1.3

2017-09-11 12:00 AM
10

Source: nessus

Emerson SM-Ethernet Web Interface Default Credentials

It was possible to log into the remote Emerson SM-Ethernet web interface by providing the default credentials. A remote attacker can exploit this to gain administrative...

AI Score: 4.3

2015-12-01 12:00 AM
7

Source: nessus

Honeywell XL Web Controller FTP Directory Traversal

The remote host is a Honeywell XL Web SCADA controller that is running a firmware version affected by a directory traversal vulnerability in the FTP server. A remote, unauthenticated attacker can exploit this to gain access to the web root...

AI Score: 2.2

2015-03-26 12:00 AM
17

Source: nessus

EMC Cloud Tiering Appliance Web Interface Detection

The remote web server is the user interface for EMC Cloud Tiering Appliance (CTA), an appliance-based solution for file tiering, archiving and...

AI Score: 2.9

2014-04-07 12:00 AM
6

Source: nessus

Tridium Niagara AX Web Server Multiple Vulnerabilities

The remote host is running a version of Tridium Niagara AX Web Server that is affected by multiple vulnerabilities: A directory traversal vulnerability exists that allows access to a file that stores login usernames and passwords. (CVE-2012-4027) The system insecurely stores user...

AI Score: 2 | EPSS: 0.003

2013-07-03 12:00 AM
33

Source: nessus

Trellix Enterprise Security Manager Web Interface Detection

The web interface for Trellix Enterprise Security Manager (formerly known as McAfee Enterprise Security Manager) was detected on the remote...

AI Score: 7.1

2023-10-17 12:00 AM
2

Source: nessus

Zyxel Unified Security Gateway (USG) Web Detection

The web UI for Zyxel Unified Security Gateway (USG) was detected on the remote host. Note: HTTP basic authentication credentials are required by the CGI for obtaining granular version...

AI Score: 1.8

2022-10-13 12:00 AM
13

Source: nessus

VISAM Automation Base (VBASE) Web-Remote Detection

The VISAM Automation Base (VBASE) Web-Remote service, a web-based remote interface to VBASE, is running on the remote...

AI Score: 1.5

2022-03-01 12:00 AM
8

Source: nessus

Cisco Small Business Router Web UI Detection

Cisco Small Business router web user interface detected on remote host. Note that HTTP credentials are required to retrieve the...

AI Score: 1.7

2020-07-23 12:00 AM
14

Source: nessus

Cisco Firepower Device Manager Web Interface Detection

The remote host is running the Firepower Device Manager, which allows for the configuration of FTD...

AI Score: 2

2020-07-10 12:00 AM
13

Source: nessus

Cisco UCS Platform Emulator Web UI Detection

Cisco Unified Computing System (UCS) Platform Emulator, software for emulating Cisco UCS hardware communications, is running on the remote...

AI Score: 1.2

2016-07-06 12:00 AM
8

Source: nessus

MicroLogix 1400 PLC Web Server Multiple Vulnerabilities

The firmware installed on the remote Allen-Bradley MicroLogix 1400 PLC device is a version prior to 15.003. It is, therefore, affected by multiple vulnerabilities: A flaw exists due to improper sanitization of user-supplied input before using it in SQL queries. An authenticated, remote...

AI Score: 2.1 | EPSS: 0.002

2016-05-31 12:00 AM
14

Source: nessus

Honeywell FALCON XL Web Controller Multiple Vulnerabilities

The remote host is a Honeywell FALCON XL Web SCADA controller that is running a firmware version affected by the following vulnerabilities: The change password page can be accessed without authentication to determine users' password hashes, which can allow a remote attacker to gain...

AI Score: 2.8 | EPSS: 0.003

2014-08-25 12:00 AM
9

Source: osv

CVE-2024-36107

MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...

CVSS: 5.3 | AI Score: 7 | EPSS: 0.0004

2024-05-28 07:15 PM
2

Source: osv

CVE-2023-23636

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...

CVSS: 5.4 | AI Score: 6.5 | EPSS: 0.001

2023-02-03 01:15 AM
2

Source: cvelist

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

CVSS: 2.7 | AI Score: 4.2 | EPSS: 0.0004

2024-04-26 05:31 PM
2

Source: cvelist

CVE-2023-4479 Stored XSS Vulnerability in M-Files Web

Stored XSS Vulnerability in M-Files Web versions before 23.8 allows an attacker to execute script on a user's browser via a stored HTML document within limited time...

CVSS: 7.3 | AI Score: 6.8 | EPSS: 0.0004

2024-03-04 07:17 AM

Source: vulnrichment

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

CVSS: 2.7 | AI Score: 6.8 | EPSS: 0.0004

2024-04-26 05:31 PM

Source: nessus

Cisco Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass

According to its self-reported version number, the installation of Cisco Unified MeetingPlace Web Conferencing hosted on the remote web server is potentially affected by a security bypass vulnerability due to the lack of validation of the current password and HTTP session ID during a password...

AI Score: 6.7 | EPSS: 0.002

2015-07-31 12:00 AM
14

Source: osv

CVE-2023-23635

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...

CVSS: 5.4 | AI Score: 6.5 | EPSS: 0.001

2023-02-03 01:15 AM
2

Source: openvas

Generic HTTP Directory Traversal (Web Application URL Parameter) - Active Check

Generic check for HTTP directory traversal vulnerabilities within URL parameters of the remote web...

CVSS: 7.5 | AI Score: 7.6 | EPSS: 0.972

2017-09-26 12:00 AM
57

Source: veeam

Veeam ONE Web Client Page Fails to Load After Updating .NET Runtime Components

Make sure all .NET runtime versions match, then restart the Veeam ONE Reporting...

AI Score: 7.1

2024-01-30 12:00 AM
7

Source: osv

CVE-2022-41142

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of requests to configure poller resources. The issue results from the lack of proper...

CVSS: 8.8 | AI Score: 9 | EPSS: 0.002

2023-01-26 06:59 PM
2

Source: osv

CVE-2024-31556

An issue in Reportico Web before v.8.1.0 allows a local attacker to execute arbitrary code and obtain sensitive information via the sessionid...

AI Score: 7.2

2024-05-14 09:15 PM
4

Source: akamaiblog

AI Score: 7.3

2024-05-22 01:00 PM
47

Source: nuclei

GetSimple CMS 3.3.13 - Open Redirect

GetSimple CMS 3.3.13 contains an open redirect vulnerability via the admin/index.php redirect parameter. An attacker can redirect a user to a malicious site and possibly obtain sensitive information, modify data, and/or execute unauthorized...

CVSS: 6.1 | AI Score: 6.3 | EPSS: 0.001

2022-03-13 08:58 AM
4

Source: ubuntucve

CVE-2024-35326

libyaml v0.2.5 is vulnerable to Buffer Overflow. Affected by this issue is the function yaml_emitter_emit of the file /src/libyaml/src/emitter.c. The manipulation leads to a double-free. Notes (jdstrand): golang-goyaml is a go translation of libyaml and shouldn't share...

AI Score: 7.2 | EPSS: 0.0004

2024-06-14 12:00 AM

Source: osv

MinIO information disclosure vulnerability in github.com/minio/minio

MinIO information disclosure vulnerability in...

CVSS: 5.3 | AI Score: 5 | EPSS: 0.0004

2024-06-05 03:10 PM
3

Source: veracode

SQL Injection

mocodo is vulnerable to SQL Injection. The vulnerability is due to improper sanitization of the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

AI Score: 8.5

2024-05-28 07:50 AM
4

Source: cvelist

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

CVSS: 4.3 | AI Score: 5 | EPSS: 0.0005

2024-04-02 08:28 PM
1

Source: vulnrichment

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

CVSS: 4.3 | AI Score: 6.9 | EPSS: 0.0005

2024-04-02 08:28 PM
1

Source: veracode

Remote Code Execution (RCE)

mocodo is vulnerable to Remote Code Execution. The vulnerability is due to improper input validation at /web/rewrite.php, which allows an attacker to inject and execute arbitrary...

AI Score: 7.7

2024-05-28 07:08 AM
3

Source: veracode

Sensitive Information Disclosure

github.com/minio/minio/ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the ability to infer the existence of objects on a server by sending anonymous requests with random object...

CVSS: 5.3 | AI Score: 6.7 | EPSS: 0.0004

2024-05-30 12:03 PM
1

Source: osv

Malicious code in cuckoo-3-web-ui-tooling (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (adbea70f2acb33710c8ecb7e13e55c24980ccd349854aa6c82915d2829359e15) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score: 7

2024-04-22 08:02 AM
4

Source: osv

CVE-2023-45725

Design document functions which receive a user http request object may expose authorization or session cookie headers of the user who accesses the document. These design document functions are: list, show, rewrite, update. An attacker can leak the session component using an...

CVSS: 5.7 | AI Score: 5.4 | EPSS: 0.0004

2023-12-13 08:15 AM
4

Source: nessus

Apache ActiveMQ 5.x < 5.14.2 Web-based Administration Console Unspecified XSS

The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.14.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the web-based administration console due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit...

CVSS: 6.1 | AI Score: 6.2 | EPSS: 0.004

2016-12-16 12:00 AM
23

Source: nuclei

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...

CVSS: 9.8 | AI Score: 9.9 | EPSS: 0.974

2023-01-19 07:59 PM
38

Source: cvelist

CVSS: 7.8 | AI Score: 9.7 | EPSS: 0.023

2021-12-15 02:15 PM
1

Source: veracode

Improper Authorization

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been...

CVSS: 2.6 | AI Score: 6.8 | EPSS: 0.0004

2024-06-13 11:49 AM
70

Source: vulnrichment

CVE-2024-4175 Improper Input Validation vulnerability in Hyperion Web Server

Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII...

CVSS: 5.4 | AI Score: 6.8 | EPSS: 0.0004

2024-04-25 11:51 AM

Source: cvelist

CVE-2024-25646 Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence

Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on the confidentiality of the...

CVSS: 7.7 | AI Score: 7.5 | EPSS: 0.0004

2024-04-09 12:47 AM

Source: nuclei

Lin CMS Spring Boot - Default JWT Token

An access control issue in Lin CMS Spring Boot v0.2.1 allows attackers to access the backend information and functions within the...

CVSS: 7.5 | AI Score: 7.4 | EPSS: 0.016

2024-04-03 05:08 AM
7

Source: ubuntucve

CVE-2024-35325

A vulnerability was found in libyaml up to 0.2.5. Affected by this issue is the function yaml_event_delete of the file /src/libyaml/src/api.c. The manipulation leads to a double-free. Notes (jdstrand): golang-goyaml is a go translation of libyaml and shouldn't share...

AI Score: 7.2 | EPSS: 0.0004

2024-06-14 12:00 AM

Total number of security vulnerabilities: 506920