
CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

cvelist

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

4.3 CVSS

5 AI Score

0.0005 EPSS

2024-04-02 08:28 PM
1
vulnrichment

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

4.3 CVSS

6.9 AI Score

0.0005 EPSS

2024-04-02 08:28 PM
1
github

Moodle Insecure direct object reference (IDOR) in a calendar web service

A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. Insufficient capability checks made it possible to fetch other users' calendar action...

5.3 CVSS

6.9 AI Score

0.001 EPSS

2022-05-24 07:21 PM
1
cvelist

7.5 CVSS

8.2 AI Score

0.001 EPSS

2022-10-11 12:00 AM
2
cvelist

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2 CVSS

0.0004 EPSS

2024-06-11 02:38 PM
3
vulnrichment

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

7.2 CVSS

7.5 AI Score

0.0004 EPSS

2024-06-11 02:38 PM
1
nessus

Rancher < 2.2.4 Web Parameter Tampering

The version of a Docker container of Rancher is < 2.2.4 and, thus, is affected by a web parameter tampering vulnerability. A vulnerability exists in the login component, where the errorMsg parameter can be tampered with to display arbitrary content, filtering tags but not special characters or symbols....

4.7 CVSS

4.7 AI Score

0.001 EPSS

2019-06-14 12:00 AM
16
nessus

Apache ActiveMQ 5.x < 5.14.2 Web-based Administration Console Unspecified XSS

The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.14.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the web-based administration console due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit...

6.1 CVSS

6.2 AI Score

0.004 EPSS

2016-12-16 12:00 AM
23
vulnrichment

CVE-2024-4175 Improper Input Validation vulnerability in Hyperion Web Server

Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII...

5.4 CVSS

6.8 AI Score

0.0004 EPSS

2024-04-25 11:51 AM
cvelist

CVE-2024-25646 Information Disclosure vulnerability in SAP BusinessObjects Web Intelligence

Due to improper validation, SAP BusinessObjects Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using a crafted document. On successful exploitation there could be a considerable impact on confidentiality of the...

7.7 CVSS

7.5 AI Score

0.0004 EPSS

2024-04-09 12:47 AM
osv

Sidekiq vulnerable to a Reflected XSS in Queues Web Page

Description: During a source code review of the metrics.erb view of the Sidekiq Web UI, a reflected XSS vulnerability was discovered. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the...

5.5 CVSS

6.2 AI Score

0.0004 EPSS

2024-04-26 10:19 PM
6
github

Sidekiq vulnerable to a Reflected XSS in Queues Web Page

Description: During a source code review of the metrics.erb view of the Sidekiq Web UI, a reflected XSS vulnerability was discovered. The value of the substr parameter is reflected in the response without any encoding, allowing an attacker to inject JavaScript code into the response of the...

5.5 CVSS

6.2 AI Score

0.0004 EPSS

2024-04-26 10:19 PM
6
osv

CVE-2023-23635

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...

5.4 CVSS

6.5 AI Score

0.001 EPSS

2023-02-03 01:15 AM
2
osv

CVE-2023-23636

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...

5.4 CVSS

6.5 AI Score

0.001 EPSS

2023-02-03 01:15 AM
2
github

Reportico affected by Incorrect Access Control

An issue discovered in Reportico through 8.1.0 allows attackers to obtain sensitive information via the execute_mode parameter of the...

6.3 AI Score

0.0004 EPSS

2024-04-12 12:30 AM
7
cvelist

CVE-2024-4175 Improper Input Validation vulnerability in Hyperion Web Server

Unicode transformation vulnerability in Hyperion affecting version 2.0.15. This vulnerability could allow an attacker to send a malicious payload with Unicode characters that will be replaced by ASCII...

5.4 CVSS

5.6 AI Score

0.0004 EPSS

2024-04-25 11:51 AM
1
cvelist

CVE-2024-4300 E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure

E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without logging in. Accessing this path allows an attacker to obtain the database credential with the highest privilege and...

9.8 CVSS

9.5 AI Score

0.001 EPSS

2024-04-29 03:31 AM
1
redhat

(RHSA-2024:1917) Important: Red Hat JBoss Web Server 6.0.2 release and security update

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This...

7.3 AI Score

0.0004 EPSS

2024-05-07 01:06 PM
10
openbugbounty

design-compe.jp Cross Site Scripting vulnerability OBB-3910068

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-04-09 03:44 AM
3
vulnrichment

CVE-2024-34103 Customer account takeover via web API call & subsequent password reset

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....

8.1 CVSS

7 AI Score

0.001 EPSS

2024-06-13 09:05 AM
2
cvelist

CVE-2024-34103 Customer account takeover via web API call & subsequent password reset

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....

8.1 CVSS

0.001 EPSS

2024-06-13 09:05 AM
4
redhat

(RHSA-2024:1914) Important: Red Hat JBoss Web Server 5.8.0 release and security update

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This...

6.6 AI Score

0.0004 EPSS

2024-05-07 12:17 PM
12
redhat

(RHSA-2024:1916) Important: Red Hat JBoss Web Server 6.0.2 release and security update

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This...

7.3 AI Score

0.0004 EPSS

2024-05-07 12:59 PM
12
redhat

(RHSA-2024:1913) Important: Red Hat JBoss Web Server 5.8.0 release and security update

Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache Tomcat Servlet container, JBoss HTTP Connector (mod_cluster), the PicketLink Vault extension for Apache Tomcat, and the Tomcat Native library. This...

6.6 AI Score

0.0004 EPSS

2024-05-07 12:15 PM
16
cvelist

CVE-2024-5924 Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability

Dropbox Desktop Folder Sharing Mark-of-the-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-of-the-Web protection mechanism on affected installations of Dropbox Desktop. User interaction is required to exploit this vulnerability in that the target must visit.....

8.8 CVSS

0.001 EPSS

2024-06-13 07:40 PM
4
nuclei

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...

9.8 CVSS

9.9 AI Score

0.975 EPSS

2023-01-19 07:59 PM
39
vulnrichment

CVE-2024-4688 Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site...

3.5 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-09 09:31 PM
vulnrichment

CVE-2024-4719 Campcodes Complete Web-Based School Management System delete_record.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The...

3.5 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-10 03:00 PM
nuclei

Graphite <=1.1.5 - Server-Side Request Forgery

Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSRF). The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is...

7.5 CVSS

7.3 AI Score

0.008 EPSS

2021-09-03 08:22 AM
2
nessus

Cisco Unified MeetingPlace Web Page Source Code Remote Password Disclosure (CSCuu33050)

According to its self-reported version number, the Cisco Unified MeetingPlace application hosted on the remote web server is potentially affected by an information disclosure vulnerability due to improper handling of passwords. An authenticated, remote attacker can obtain plaintext passwords by...

6.5 AI Score

0.001 EPSS

2015-07-14 12:00 AM
11
veracode

Improper Authorization

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been...

2.6 CVSS

6.8 AI Score

0.0004 EPSS

2024-06-13 11:49 AM
162
osv

CVE-2023-39517

Joplin is a free, open source note taking and to-do application. A cross-site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (packages/renderer/htmlUtils.ts::sanitizeHtml) preserves <map> <a...

8.2 CVSS

6 AI Score

0.0004 EPSS

2024-06-21 08:15 PM
1
nessus

IBM Spectrum Protect Plus Web UI Detection

The web user interface for IBM Spectrum Protect Plus (SPP) was detected on the remote host. IBM SPP is a data protection solution that provides near-instant recovery, replication, retention, and reuse for VMs, databases, and containers in hybrid multicloud...

1.9 AI Score

2020-04-21 12:00 AM
7
nessus

Linksys Smart Wi-Fi Web Interface Detection

Nessus was able to detect the web administration interface for a Linksys Smart Wi-Fi Router device on the remote...

1.8 AI Score

2017-07-19 12:00 AM
10
nessus

Cisco UCS Central Software Web UI Detection

The web user interface for Cisco Unified Computing System (UCS) Central Software, an infrastructure management system, was detected on the remote...

1.6 AI Score

2016-08-25 12:00 AM
7
nessus

ClearSCADA Web Server Remote Denial of Service

The remote ClearSCADA web server is affected by a remote denial of service vulnerability. Sending a specially crafted request could cause the server to throw an exception resulting in a denial of service...

3.1 AI Score

2013-10-15 12:00 AM
12
cvelist

7.8 CVSS

9.7 AI Score

0.023 EPSS

2021-12-15 02:15 PM
1
cvelist

CVE-2024-4688 Campcodes Complete Web-Based School Management System conversation_history_admin.php cross site scripting

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /view/conversation_history_admin.php. The manipulation of the argument conversation_id leads to cross site...

3.5 CVSS

4.2 AI Score

0.0004 EPSS

2024-05-09 09:31 PM
vulnrichment

CVE-2024-4686 Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The...

3.5 CVSS

6.2 AI Score

0.0004 EPSS

2024-05-09 08:31 PM
1
cvelist

CVE-2024-4686 Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The...

3.5 CVSS

4.1 AI Score

0.0004 EPSS

2024-05-09 08:31 PM
cvelist

CVE-2024-4719 Campcodes Complete Web-Based School Management System delete_record.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The...

3.5 CVSS

4.2 AI Score

0.0004 EPSS

2024-05-10 03:00 PM
nessus

RHEL 7 : Red Hat Gluster Storage Web Administration (RHSA-2019:0265)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0265 advisory. Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into...

6.1 CVSS

6.2 AI Score

0.01 EPSS

2019-02-06 12:00 AM
28
nessus

Zinwave Series 3000 DAS Web Interface Detection

The remote host is running the web interface for a Zinwave Series 3000 DAS, a distributed antenna system hardware...

2.3 AI Score

2018-09-13 12:00 AM
10
nessus

Microsoft Office Web Apps Installed (credentialed check)

Microsoft Office Web Apps, an online office suite, is installed on the remote Windows...

2 AI Score

2015-07-10 12:00 AM
15
nessus

Visual Mining NetCharts Server Web UI Detection

The remote host is running the web based user interface for Visual Mining NetCharts Server. It is possible to read the web UI version from a standard...

2.2 AI Score

2014-12-02 12:00 AM
7
nessus

Siemens SCALANCE X-200 Web Session Hijacking

According to the self-reported version of the remote Siemens SCALANCE X-200 series device obtained from the SNMP system description, it is vulnerable to a web session hijacking vulnerability. This is due to a weakness in the integrated web server's random number...

2.4 AI Score

2013-10-21 12:00 AM
11
nessus

QNAP QTS/QES/QuTS hero - Web Detection

Detects the web interface for QNAP QTS/QES/QuTS hero on the remote...

0.8 AI Score

2021-11-29 12:00 AM
24
nessus

D-Link DIR Router Web Interface Detection

Nessus was able to detect the web interface for a D-Link DIR router on the remote...

1.3 AI Score

2017-09-11 12:00 AM
10
nessus

Emerson SM-Ethernet Web Interface Default Credentials

It was possible to log into the remote Emerson SM-Ethernet web interface by providing the default credentials. A remote attacker can exploit this to gain administrative...

4.3 AI Score

2015-12-01 12:00 AM
8
nessus

Honeywell XL Web Controller FTP Directory Traversal

The remote host is a Honeywell XL Web SCADA controller that is running a firmware version affected by a directory traversal vulnerability in the FTP server. A remote, unauthenticated attacker can exploit this to gain access to the web root...

2.2 AI Score

2015-03-26 12:00 AM
17
Total number of security vulnerabilities: 507845