CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

[ibm] Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to sensitive information exposure due to PostgreSQL (CVE-2023-5868)

Summary: IBM Connect:Direct Web Services uses PostgreSQL. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details: CVEID: CVE-2023-5868. DESCRIPTION: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw...

CVSS 4.3 | AI Score 6.2 | EPSS 0.002 | 2024-04-24 04:46 AM

[cve] CVE-2022-41063

Microsoft Excel Remote Code Execution...

CVSS 7.8 | AI Score 7.7 | EPSS 0.002 | 2022-11-09 10:15 PM

[cve] CVE-2022-41106

Microsoft Excel Remote Code Execution...

CVSS 8.8 | AI Score 8.1 | EPSS 0.013 | 2022-11-09 10:15 PM

[cve] CVE-2023-7215

A vulnerability, which was classified as problematic, has been found in Chanzhaoyu chatgpt-web 2.11.1. This issue affects some unknown processing. The manipulation of the argument Description with the input leads to cross site scripting. The attack may be initiated remotely. The exploit has been...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2024-01-08 02:15 AM

[cve] CVE-2021-41554

ARCHIBUS Web Central 21.3.3.815 (a version from 2014) does not properly validate requests for access to data and functionality in these affected endpoints: /archibus/schema/ab-edit-users.axvw, /archibus/schema/ab-data-dictionary-table.axvw, /archibus/schema/ab-schema-add-field.axvw, ...

CVSS 8.8 | AI Score 8.4 | EPSS 0.001 | 2021-10-05 03:15 PM

[cve] CVE-2021-41555

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML...

CVSS 6.1 | AI Score 6 | EPSS 0.001 | 2021-10-05 03:15 PM

[cve] CVE-2018-20436

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more...

CVSS 8.1 | AI Score 7.8 | EPSS 0.009 | 2018-12-24 08:29 PM

[cve] CVE-2024-23745

In Notion Web Clipper 1.0.3(7), a .nib file is susceptible to the Dirty NIB attack. NIB files can be manipulated to execute arbitrary commands. Additionally, even if a NIB file is modified within an application, Gatekeeper may still permit the execution of the application, enabling the execution...

CVSS 9.8 | AI Score 6.4 | EPSS 0.001 | 2024-01-31 02:15 AM

[cve] CVE-2024-31084

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pulsar Web Design Weekly Class Schedule allows Reflected XSS. This issue affects Weekly Class Schedule: from n/a through...

CVSS 7.1 | AI Score 9.3 | EPSS 0.0004 | 2024-03-31 08:15 PM

[cve] CVE-2021-41553

In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), the Web Application in /archibus/login.axvw assigns a session token that could already be in use by another user. It was therefore possible to access the application through a user whose credentials were not known, without any attempt by the...

CVSS 9.8 | AI Score 9.3 | EPSS 0.001 | 2021-10-05 04:15 PM

[nuclei] Apache Tomcat Servers - Remote Code Execution

Apache Tomcat servers 7.0.{0 to 79} are susceptible to remote code execution. By design, you are not allowed to upload JSP files via the PUT method. This is likely a security measure to prevent an attacker from uploading a JSP shell and gaining remote code execution on the server. However, due to...

CVSS 8.1 | AI Score 8 | EPSS 0.967 | 2021-02-10 09:44 AM

[nessus] Web Server info.php / phpinfo.php Detection

Many PHP installation tutorials instruct the user to create a PHP file that calls the PHP function 'phpinfo()' for debugging purposes. Various PHP applications may also include such a file. By accessing such a file, a remote attacker can discover a large amount of information about the remote web...

AI Score 7.2 | 2003-02-12 12:00 AM

[cve] CVE-2015-10072

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

CVSS 6.1 | AI Score 6.1 | EPSS 0.001 | 2023-02-04 04:15 AM

[github] Improper Neutralization of Input During Web Page Generation in Jsoup

Cross-site scripting (XSS) vulnerability in jsoup before...

CVSS 6.1 | AI Score 6.1 | EPSS 0.002 | 2022-05-13 01:28 AM

[cve] CVE-2023-3305

A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword...

CVSS 7.5 | AI Score 7.6 | EPSS 0.001 | 2023-06-18 08:15 AM

[cve] CVE-2020-11453

Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit...

CVSS 5.3 | AI Score 5.4 | EPSS 0.321 | 2020-04-02 04:15 PM

[cve] CVE-2021-43256

Microsoft Excel Remote Code Execution...

CVSS 7.8 | AI Score 7.7 | EPSS 0.093 | 2021-12-15 03:15 PM

[wpexploit] WP Chat App < 3.6.5 - Admin+ Stored XSS

Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admins to perform Cross-Site Scripting attacks even when unfiltered_html is...

AI Score 6 | 2024-06-06 12:00 AM

[ibm] Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in spring-web-5.3.15.jar

Summary: IBM Watson Discovery for IBM Cloud Pak for Data contains a vulnerable version of spring-web-5.3.15.jar. Vulnerability Details: CVEID: CVE-2024-22243. DESCRIPTION: VMware Tanzu Spring Framework could allow a remote attacker to conduct phishing attacks, caused by an open redirect...

CVSS 8.1 | AI Score 7.7 | EPSS 0.0004 | 2024-06-05 08:40 PM

[cve] CVE-2022-4607

A vulnerability was found in 3D City Database OGC Web Feature Service up to 5.2.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to xml external entity reference. Upgrading to version 5.2.1 is able to address this issue. The name of the patch...

CVSS 9.8 | AI Score 9.5 | EPSS 0.002 | 2022-12-18 10:15 PM

[cve] CVE-2021-31939

Microsoft Excel Remote Code Execution...

CVSS 7.8 | AI Score 7.6 | EPSS 0.014 | 2021-06-08 11:15 PM

[cve] CVE-2023-4392

A vulnerability was found in Control iD Gerencia Web 1.30 and classified as problematic. Affected by this issue is some unknown functionality of the component Cookie Handler. The manipulation leads to cleartext storage of sensitive information. The attack may be launched remotely. The complexity...

CVSS 5.3 | AI Score 5.2 | EPSS 0.001 | 2023-08-17 03:15 AM

[cve] CVE-2010-5159

Race condition in Dr.Web Security Space Pro 6.0.0.03100 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by signature-based malware detection, via certain user-space memory changes during...

AI Score 6.9 | EPSS 0.0004 | 2022-10-03 04:21 PM

[openvas] '//WEB-INF/' Information Disclosure Vulnerability (HTTP)

Various application or web servers / products are prone to an information disclosure...

CVSS 7.5 | AI Score 7.4 | EPSS 0.101 | 2021-02-01 12:00 AM

[nessus] VMware Workspace ONE Assist Web Portal Detection

The web portal for VMware Workspace ONE Assist was detected on the remote...

AI Score 1.4 | 2022-11-15 12:00 AM

[nessus] Yealink Device Management Platform Web Interface Detection

The web interface for Yealink Device Management Platform, a communications device management platform, was detected on the remote...

AI Score 7.4 | 2024-05-15 12:00 AM

[nessus] SonicWall Secure Mobile Access (SMA) Web Detection

The remote host is a SonicWall Secure Mobile Access (SMA) or Secure Remote Access (SRA) device. It is possible to obtain the version and model via the web interface. Note that HTTP form credentials may be required to retrieve the model...

AI Score 2.7 | 2021-02-03 12:00 AM

[nessus] VMware vCenter Operations Manager Web UI Detection

The remote web server is running the web UI for VMware vCenter Operations Manager, an application for managing virtual...

AI Score 2.3 | 2015-04-10 12:00 AM

[cve] CVE-2021-40474

Microsoft Excel Remote Code Execution...

CVSS 7.8 | AI Score 7.4 | EPSS 0.035 | 2021-10-13 01:15 AM

[openvas] Cassini / CassiniEx Web Server Detection (HTTP)

HTTP based detection of the Cassini / CassiniEx Web...

AI Score 7.3 | 2020-03-31 12:00 AM

[nessus] Web mirroring

This plugin makes a mirror of the remote website(s) and extracts the list of CGIs that are used by the remote host. It is suggested that you change the number of pages to mirror in the 'Options' section of the...

AI Score 0.6 | 2001-05-04 12:00 AM

[nessus] N-able N-central Web Interface Detection

The web interface for N-able N-central was detected on the remote...

AI Score 7.5 | 2024-01-10 12:00 AM

[nessus] Oracle WebLogic Web Services Test Client Detection

Oracle WebLogic Web services test client was detected on the remote...

AI Score 1.3 | 2019-01-28 12:00 AM

[cve] CVE-2009-1227

NOTE: this issue has been disputed by the vendor. Buffer overflow in the PKI Web Service in Check Point Firewall-1 PKI Web Service allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long (1) Authorization or (2) Referer HTTP header to TCP port...

AI Score 8.3 | EPSS 0.12 | 2009-04-02 03:30 PM

[nessus] SAP BusinessObjects Business Intelligence Platform Web Detection

SAP BusinessObjects Business Intelligence Platform web interface detected on remote...

AI Score 0.8 | 2021-02-08 12:00 AM

[nessus] EMC Cloud Tiering Appliance Web Interface Detection

The remote web server is the user interface for EMC Cloud Tiering Appliance (CTA), an appliance-based solution for file tiering, archiving and...

AI Score 2.9 | 2014-04-07 12:00 AM

[nessus] Progress Telerik Report Server Web Interface Detection

The web interface for Progress Telerik Report Server was detected on the remote...

AI Score 7.5 | 2024-06-03 12:00 AM

[nessus] Trellix Enterprise Security Manager Web Interface Detection

The web interface for Trellix Enterprise Security Manager (formerly known as McAfee Enterprise Security Manager) was detected on the remote...

AI Score 7.1 | 2023-10-17 12:00 AM

[nessus] VISAM Automation Base (VBASE) Web-Remote Detection

The VISAM Automation Base (VBASE) Web-Remote service, a web-based remote interface to VBASE, is running on the remote...

AI Score 1.5 | 2022-03-01 12:00 AM

[metasploit] Syncovery For Linux Web-GUI Session Token Brute-Forcer

This module attempts to brute-force a valid session token for the Syncovery File Sync & Backup Software Web-GUI by generating all possible tokens, for every second between 'DateTime.now' and the given X day(s). By default today and yesterday (DAYS = 1) will be checked. If a valid session token is...

AI Score 7.2 | 2022-09-07 11:17 AM

[nessus] Cisco Firepower Device Manager Web Interface Detection

The remote host is running the Firepower Device Manager, which allows for the configuration of FTD...

AI Score 2 | 2020-07-10 12:00 AM

[osv] Malicious code in brand-adidas-design-tokens (npm)

-= Per source details. Do not edit below this line. =- Source: ghsa-malware (7e16fae72fd3726263d7bfa2f1c164b7d4100f89931856c163e37c534feb1a57). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

AI Score 7 | 2024-05-19 11:47 PM

[cve] CVE-2021-40472

Microsoft Excel Information Disclosure...

CVSS 5.5 | AI Score 5.5 | EPSS 0.0004 | 2021-10-13 01:15 AM

[cve] CVE-2021-40442

Microsoft Excel Remote Code Execution...

CVSS 7.8 | AI Score 7.5 | EPSS 0.031 | 2021-11-10 01:19 AM

[cve] CVE-2021-40486

Microsoft Word Remote Code Execution...

CVSS 7.8 | AI Score 7.7 | EPSS 0.016 | 2021-10-13 01:15 AM

[openvas] SolarWinds Web Performance Monitor (WPM) Detection (HTTP)

HTTP based detection of SolarWinds Web Performance Monitor...

AI Score 7.4 | 2015-03-06 12:00 AM

[osv] CVE-2023-34237

SABnzbd is an open source automated Usenet download tool. A design flaw was discovered in SABnzbd that could allow remote code execution. Manipulating the Parameters setting in the Notification Script functionality allows code execution with the privileges of the SABnzbd process. Exploiting the...

CVSS 9.8 | AI Score 8.8 | EPSS 0.022 | 2023-06-07 08:15 PM

[nessus] Apache ActiveMQ Web Console Default Credentials

ActiveMQ Web Console, an administrative interface for Apache ActiveMQ, is protected using default credentials. Note that no authentication mechanism was provided prior to version 5.4.0. However, in version 5.4.0, HTTP Basic Authentication was an option, and starting with version 5.8.0, this was...

AI Score 7.6 | 2015-02-16 12:00 AM

[nessus] Zabbix Web Interface Default Administrator Credentials

The remote Zabbix Web Interface uses a default set of credentials ('Admin' / 'zabbix') to control access to its management interface. With this information, an attacker can gain administrative access to the...

AI Score 7.5 | 2013-11-11 12:00 AM

[cve] CVE-2023-23399

Microsoft Excel Remote Code Execution...

CVSS 7.8 | AI Score 7.7 | EPSS 0.005 | 2023-03-14 05:15 PM

Total number of security vulnerabilities: 507845