CAGE Web Design | Rolf Van Gelder Security Vulnerabilities

Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation

Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit _users documents with duplicate keysfor 'roles' used for access control within the database, including the special case '_admin' role,...

CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability

...

MinIO information disclosure vulnerability

Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...

design-interior.ck.ua Cross Site Scripting vulnerability OBB-3905563

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Tenable Core Web Interface Detection

A Tenable Core Web Interface was detected on the remote...

Draytek VigorConnect Web UI Detection

The web application running on the remote web server is Draytek VigorConnect. Draytek VigorConnect is a network management web application for DrayTek...

Apache Pluto Web Interface Detection

The web interface for Apache Pluto was detected on the remote host. Apache Pluto is a portlet specification reference implementation and technology compliance...

Web Site Hosting Malicious Binaries

The MD5 sum of one or more binaries hosted on the remote web server matches known malware. This may indicate that the remote site was compromised. Note that Nessus has only scanned files with the following extensions : exe , dll , scr , drv , sys , bat , cmd , com , cpl , csh , gadget ,...

CVE-2023-27564

The n8n package 0.218.0 for Node.js allows Information...

CVE-2023-27562

The n8n package 0.218.0 for Node.js allows Directory...

StreamSets Data Collector Web Detection

StreamSets Data Collector, a tool for building pipelines, was detected based on the web interface. Note that for this detection, ports 18630 and 18636 will need to be added to the Nessus port...

Exploit for OS Command Injection in Gitlab

CVE-2022-2185 wo ee cve-2022-2185 gitlab authenticated rce...

Trend Micro InterScan Web Security Virtual Appliance (IWSVA) DecryptPasswd Stack-based Buffer Overflow

The Trend Micro InterScan Web Security Virtual Appliance (IWSVA) is affected by a remote code execution vulnerability. A stack-based buffer overflow condition exists in the DecryptPasswd function in libuiauutil.so due to improper validation of user-supplied data before copying it to a fixed-size,.....

Schneider Electric InduSoft Web Studio < 7.1.3.4 Multiple Information Disclosures (SEVD-2015-054-01)

According to its self-reported version, the installation of Schneider Electric InduSoft Web Studio running on the remote host is prior to 7.1.3.4. It is, therefore, affected by the multiple information disclosure vulnerabilities : A hard-coded plaintext password is used to control read ...

design-compe.jp Cross Site Scripting vulnerability OBB-3910068

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

CVE-2024-3468 Deserialization of Untrusted Data in AVEVA PI Web API

There is a vulnerability in AVEVA PI Web API that could allow malicious code to execute on the PI Web API environment under the privileges of an interactive user that was socially engineered to use API XML import functionality with content supplied by an...

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

CVE-2023-4479 Stored XSS Vulnerability in M-Files Web

Stored XSS Vulnerability in M-Files Web versions before 23.8 allows attacker to execute script on users browser via stored HTML document within limited time...

CVE-2023-39517

Joplin is a free, open source note taking and to-do application. A Cross site scripting (XSS) vulnerability in affected versions allows clicking on an untrusted image link to execute arbitrary shell commands. The HTML sanitizer (packages/renderer/htmlUtils.ts::sanitizeHtml) preserves &lt;map&gt; <a...

CVE-2024-30050 Windows Mark of the Web Security Feature Bypass Vulnerability

...

CVE-2024-4235 Netgear DG834Gv5 Web Management Interface cleartext storage

A vulnerability classified as problematic was found in Netgear DG834Gv5 1.6.01.34. This vulnerability affects unknown code of the component Web Management Interface. The manipulation leads to cleartext storage of sensitive information. The attack can be initiated remotely. The exploit has been...

Cisco Unified MeetingPlace Web Conferencing Unauthorized Password Change Security Bypass

According to its self-reported version number, the installation of Cisco Unified MeetingPlace Web Conferencing hosted on the remote web server is potentially affected by a security bypass vulnerability due to the lack of validation of the current password and HTTP session ID during a password...

CVE-2024-5798 Vault Incorrectly Validated JSON Web Tokens (JWT) Audience Claims

Vault and Vault Enterprise did not properly validate the JSON Web Token (JWT) role-bound audience claim when using the Vault JWT auth method. This may have resulted in Vault validating a JWT the audience and role-bound claims do not match, allowing an invalid login to succeed when it should have...

Apache ActiveMQ's default configuration doesn't secure the API web context

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia....

CVE-2023-23636

In Jellyfin 10.8.x through 10.8.3, the name of a playlist is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...

CVE-2023-23635

In Jellyfin 10.8.x through 10.8.3, the name of a collection is vulnerable to stored XSS. This allows an attacker to steal access tokens from the localStorage of the...

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

CVE-2024-37295 Aimeos Core remote code execution in web server context

Aimeos is an Open Source e-commerce framework for online shops. Starting in version 2024.01.1 and prior to version 2024.04.5, a user with administrative privileges can upload files that look like images but contain PHP code which can then be executed in the context of the web server. Version...

Improper Authorization

github.com/hashicorp/vault is vulnerable to Improper Authorization. The vulnerability is due to the JWT auth method improperly validating the audience and role-bound claims, allowing invalid logins to succeed when they should have been...

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

CVE-2024-30370 RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability

RARLAB WinRAR Mark-Of-The-Web Bypass Vulnerability. This vulnerability allows remote attackers to bypass the Mark-Of-The-Web protection mechanism on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in that the target must perform a specific action....

HAWKI 1.0.0-beta.1 XSS / File Overwrite / Session Fixation

...

Apache ActiveMQ's default configuration doesn't secure the API web context

In Apache ActiveMQ 6.x, the default configuration doesn't secure the API web context (where the Jolokia JMX REST API and the Message REST API are located). It means that anyone can use these layers without any required authentication. Potentially, anyone can interact with the broker (using Jolokia....

IceWarp Web Mail <= 10.4.5 Information Disclosure Vulnerability - Active Check

IceWarp Web Mail is prone to an information disclosure ...

CVE-2024-34103 Customer account takeover via web API call & subsequent password reset

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....

Apache ActiveMQ 5.x < 5.14.2 Web-based Administration Console Unspecified XSS

The version of Apache ActiveMQ running on the remote host is 5.x prior to 5.14.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in the web-based administration console due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit...

Cisco EPN Manager Detection (Web UI)

The remote host is running Cisco Evolved Programmable Network (EPN) Manager, an application used for element and network management across converged access, aggregation, and core...

Graphite <=1.1.5 - Server-Side Request Forgery

Graphite's send_email in graphite-web/webapp/graphite/composer/views.py in versions up to 1.1.5 is vulnerable to server-side request forgery (SSR)F. The vulnerable SSRF endpoint can be used by an attacker to have the Graphite web server request any resource. The response to this SSRF request is...

ManageEngine - Remote Command Execution

Multiple Zoho ManageEngine on-premise products, such as ServiceDesk Plus through 14003, allow remote code execution due to use of Apache xmlsec (aka XML Security for Java) 1.4.1, because the xmlsec XSLT features, by design in that version, make the application responsible for certain security...

CVE-2024-4686 Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The...

CVE-2024-4686 Campcodes Complete Web-Based School Management System emarks_range_grade_update_form.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file /view/emarks_range_grade_update_form.php. The manipulation of the argument grade leads to cross site scripting. The...

CVE-2024-4719 Campcodes Complete Web-Based School Management System delete_record.php cross site scripting

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /model/delete_record.php. The manipulation of the argument page leads to cross site scripting. The...

Progress MOVEit Transfer Web Interface Detection

The web interface for Progress MOVEit Transfer (formerly known as Ipswitch MOVEit DMZ) was detected on the remote host. This plugin does not attempt to detect the...

CVE-2022-38046 Web Account Manager Information Disclosure Vulnerability

...

HP DesignJet Printer Web Interface Detection

The web interface for HP DesignJet Printer was detected on the remote...

Tridium Niagara AX Web Server Detection

The remote host is running the Tridium Niagara AX Web Server, Tridium Niagara AX is a development framework used to create software for use in SCADA...

CVE-2024-34103 Customer account takeover via web API call & subsequent password reset

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authentication vulnerability that could result in privilege escalation. An attacker could exploit this vulnerability to gain unauthorized access or elevated privileges within the application....

HP PageWide Printer Web Interface Detection

The remote host is an HP PageWide printer. It is possible to obtain the product, firmware versions, and more via the web...