| # | CVSS | Severity / Vector | Vendor | Product | Description | CWE | CVE | Updated | Published |
|---|---|---|---|---|---|---|---|---|---|
| 1161 | - | - | - | - | System->Maintenance-> Log Files in dotCMS dashboard is providing the username/password for database connections in the log output. Nevertheless, this is a moderate issue as it requires a backend admi… | - | CVE-2024-3165 | 2024-10-1 01:15 | 2024-04-2 |
| 1162 | - | - | - | - | In dotCMS dashboard, the Tools and Log Files tabs under System -> Maintenance Portlet, which is and always has been an Admin portlet, is accessible to anyone with that portlet and not just to CMS Admi… | - | CVE-2024-3164 | 2024-10-1 01:15 | 2024-04-2 |
| 1163 | 6.1 | MEDIUM / Network | dotcms | dotcms | In dotCMS, versions mentioned, a flaw in the NormalizationFilter does not strip double slashes (//) from URLs, potentially enabling bypasses for XSS and access controls. An example affected URL is h… | CWE-79 (Cross-site Scripting) | CVE-2023-3042 | 2024-10-1 01:15 | 2023-10-18 |
| 1164 | 7.1 | HIGH / Local | artifex, debian | ghostscript, debian_linux | A heap-based buffer overwrite vulnerability was found in GhostScript's lp8000_print_page() function in the gdevlp8k.c file. This flaw allows an attacker to trick a user into opening a crafted PDF fil… | CWE-119 (Incorrect Access of Indexable Resource ('Range Error')) | CVE-2020-27792 | 2024-10-1 01:15 | 2022-08-20 |
| 1165 | 5.4 | MEDIUM / Network | concretecms | concrete_cms | Concrete CMS versions 9 through 9.3.3 and versions below 8.5.19 are vulnerable to stored XSS in the calendar event addition feature because the calendar event name was not sanitized on output. Users … | CWE-79 (Cross-site Scripting) | CVE-2024-7398 | 2024-10-1 01:12 | 2024-09-25 |
| 1166 | 4.8 | MEDIUM / Network | concretecms | concrete_cms | Concrete CMS versions 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in Image Editor Background Color. A rogue admin could add malicious code to the Thumbnails/Add-Type. The Concrete C… | CWE-79 (Cross-site Scripting) | CVE-2024-8291 | 2024-10-1 00:59 | 2024-09-25 |
| 1167 | 2.7 | LOW / Network | github | enterprise_server | An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of G… | NVD-CWE-noinfo | CVE-2024-8263 | 2024-10-1 00:57 | 2024-09-24 |
| 1168 | 7.5 | HIGH / Network | ibm | aspera_console | IBM Aspera Console 3.4.0 through 3.4.4 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag. A remote attacker could exploit this vulnerabilit… | CWE-732 (Incorrect Permission Assignment for Critical Resource) | CVE-2022-43845 | 2024-10-1 00:53 | 2024-09-25 |
| 1169 | 4.9 | MEDIUM / Network | zyxel | wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm… | An improper restriction of operations within the bounds of a memory buffer in the MAC address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated at… | NVD-CWE-noinfo | CVE-2024-38268 | 2024-10-1 00:52 | 2024-09-24 |
| 1170 | 4.9 | MEDIUM / Network | zyxel | wx5600-t0_firmware wx3401-b0_firmware wx3100-t0_firmware scr50axe_firmware px3321-t1_firmware pm7300-t0_firmware pm5100-t0_firmware pm3100-t0_firmware ax7501-b1_firmware vm… | An improper restriction of operations within the bounds of a memory buffer in the IPv6 address parser of the Zyxel VMG8825-T50K firmware versions through 5.50(ABOM.8)C0 could allow an authenticated a… | NVD-CWE-noinfo | CVE-2024-38267 | 2024-10-1 00:52 | 2024-09-24 |