Cappricio-Securities

36 exploits Active since Feb 2000
CVE-2024-4956 NOMISEC HIGH SCANNER
Sonatype Nexus Repository <3.68.1 - Path Traversal
Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed in version 3.68.1.
3 stars
CVSS 7.5
CVE-2024-36991 NOMISEC HIGH SCANNER
Splunk 9.0.0-9.0.9 - Path Traversal via /modules/messaging/ Endpoint
In Splunk Enterprise on Windows versions below 9.2.2, 9.1.5, and 9.0.10, an attacker could perform a path traversal on the /modules/messaging/ endpoint in Splunk Enterprise on Windows. This vulnerability should only affect Splunk Enterprise on Windows.
3 stars
CVSS 7.5
CVE-2021-24917 NOMISEC HIGH SCANNER
WPS Hide Login <1.9.1 - Info Disclosure
The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php as an unauthenticated user.
3 stars
CVSS 7.5
CVE-2024-27956 NOMISEC CRITICAL SCANNER
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
2 stars
CVSS 9.9
CVE-2024-34470 NOMISEC HIGH SCANNER
HSC Mailinspector <5.2.18 - Path Traversal
An issue was discovered in HSC Mailinspector 5.2.17-3 through v.5.2.18. An Unauthenticated Path Traversal vulnerability exists in the /public/loader.php file. The path parameter does not properly filter whether the file and directory passed are part of the webroot, allowing an attacker to read arbitrary files on the server.
2 stars
CVSS 8.6
CVE-2024-24919 NOMISEC HIGH SCANNER
Check Point Quantum Gateway - Information Disclosure
Potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades. A Security fix that mitigates this vulnerability is available.
2 stars
CVSS 8.6
CVE-2023-27524 NOMISEC HIGH SCANNER
Apache Superset Signed Cookie Priv Esc
Session Validation attacks in Apache Superset versions up to and including 2.0.1. Installations that have not altered the default configured SECRET_KEY according to installation instructions allow for an attacker to authenticate and access unauthorized resources. This does not affect Superset administrators who have changed the default value for SECRET_KEY config. All superset installations should always set a unique secure random SECRET_KEY. Your SECRET_KEY is used to securely sign all session cookies and encrypting sensitive information on the database. Add a strong SECRET_KEY to your `superset_config.py` file like: SECRET_KEY = <YOUR_OWN_RANDOM_GENERATED_SECRET_KEY> Alternatively you can set it with `SUPERSET_SECRET_KEY` environment variable.
2 stars
CVSS 8.9
CVE-2021-20323 NOMISEC MEDIUM SCANNER
Keycloak < 17.0.0 - Reflected Cross-Site Scripting via POST Request
A POST based reflected Cross Site Scripting vulnerability on has been identified in Keycloak.
2 stars
CVSS 6.1
CVE-2020-27838 NOMISEC MEDIUM SCANNER
Keycloak < 13.0.0 - Unauthenticated Information Disclosure via Client Registration Endpoint
A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.
2 stars
CVSS 6.5
CVE-2020-35489 NOMISEC CRITICAL SCANNER
Contact Form 7 < 5.3.2 - Unrestricted File Upload and Remote Code Execution via Filename Special Characters
The contact-form-7 (aka Contact Form 7) plugin before 5.3.2 for WordPress allows Unrestricted File Upload and remote code execution because a filename may contain special characters.
2 stars
CVSS 10.0
CVE-2018-8033 NOMISEC HIGH SCANNER
Apache OFBiz 16.11.01-16.11.04 - Info Disclosure
In Apache OFBiz 16.11.01 to 16.11.04, the OFBiz HTTP engine (org.apache.ofbiz.service.engine.HttpEngine.java) handles requests for HTTP services via the /webtools/control/httpService endpoint. Both POST and GET requests to the httpService endpoint may contain three parameters: serviceName, serviceMode, and serviceContext. The exploitation occurs by having DOCTYPEs pointing to external references that trigger a payload that returns secret information from the host.
2 stars
CVSS 7.5
CVE-2000-0114 NOMISEC SCANNER
Frontpage Server Extensions - Info Disclosure
Frontpage Server Extensions allows remote attackers to determine the name of the anonymous account via an RPC POST request to shtml.dll in the /_vti_bin/ virtual directory.
2 stars
CVE-2024-0195 NOMISEC MEDIUM SCANNER
spider-flow 0.4.3 - Remote Code Execution via FunctionService.saveFunction
A vulnerability, which was classified as critical, was found in spider-flow 0.4.3. Affected is the function FunctionService.saveFunction of the file src/main/java/org/spiderflow/controller/FunctionController.java. The manipulation leads to code injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-249510 is the identifier assigned to this vulnerability.
1 stars
CVSS 6.3
CVE-2024-1208 NOMISEC MEDIUM SCANNER
LearnDash LMS <4.10.2 - Info Disclosure
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz questions.
1 stars
CVSS 5.3
CVE-2023-5089 NOMISEC MEDIUM SCANNER
Defender Security WP <4.1.0 - Auth Bypass
The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled.
1 stars
CVSS 5.3
CVE-2023-24044 NOMISEC MEDIUM SCANNER
Plesk Obsidian <18.0.49 - Host Header Injection
A Host Header Injection issue on the Login page of Plesk Obsidian through 18.0.49 allows attackers to redirect users to malicious websites via a Host request header. NOTE: the vendor's position is "the ability to use arbitrary domain names to access the panel is an intended feature."
1 stars
CVSS 6.1
CVE-2022-21371 NOMISEC HIGH SCANNER
Oracle WebLogic Server 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, 14.1.1.0.0 - Unauthenticated Path Traversal via HTTP
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are affected are 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
1 stars
CVSS 7.5
CVE-2022-21500 NOMISEC HIGH SCANNER
Oracle E-Business Suite 12.2 - Unauthorized Access
Vulnerability in Oracle E-Business Suite (component: Manage Proxies). The supported version that is affected is 12.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle E-Business Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle E-Business Suite accessible data. Note: Authentication is required for successful attack, however the user may be self-registered. <br> <br>Oracle E-Business Suite 12.1 is not impacted by this vulnerability. Customers should refer to the Patch Availability Document for details. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
1 stars
CVSS 7.5
CVE-2021-40438 NOMISEC CRITICAL SCANNER
Apache HTTP Server <2.4.48 - SSRF
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
1 stars
CVSS 9.0
CVE-2020-3452 NOMISEC HIGH SCANNER
Cisco ASA 9.6-9.6.4.42 & FTD 6.2.3-6.2.3.16 Unauthenticated Path Traversal
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and read sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of URLs in HTTP requests processed by an affected device. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences to an affected device. A successful exploit could allow the attacker to view arbitrary files within the web services file system on the targeted device. The web services file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability cannot be used to obtain access to ASA or FTD system files or underlying operating system (OS) files.
1 stars
CVSS 7.5
CVE-2020-3187 NOMISEC CRITICAL SCANNER
Cisco ASA & FTD - Unauthenticated Path Traversal & Arbitrary File Deletion via HTTP
A vulnerability in the web services interface of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to conduct directory traversal attacks and obtain read and delete access to sensitive files on a targeted system. The vulnerability is due to a lack of proper input validation of the HTTP URL. An attacker could exploit this vulnerability by sending a crafted HTTP request containing directory traversal character sequences. An exploit could allow the attacker to view or delete arbitrary files on the targeted system. When the device is reloaded after exploitation of this vulnerability, any files that were deleted are restored. The attacker can only view and delete files within the web services file system. This file system is enabled when the affected device is configured with either WebVPN or AnyConnect features. This vulnerability can not be used to obtain access to ASA or FTD system files or underlying operating system (OS) files. Reloading the affected device will restore all files within the web services file system.
1 stars
CVSS 9.1
CVE-2019-12616 NOMISEC MEDIUM SCANNER
phpMyAdmin < 4.9.0 - Cross-Site Request Forgery
An issue was discovered in phpMyAdmin before 4.9.0. A vulnerability was found that allows an attacker to trigger a CSRF attack against a phpMyAdmin user. The attacker can trick the user, for instance through a broken <img> tag pointing at the victim's phpMyAdmin database, and the attacker can potentially deliver a payload (such as a specific INSERT or DELETE statement) to the victim.
1 stars
CVSS 6.5
CVE-2017-7269 NOMISEC CRITICAL SCANNER
Internet Information Services 6.0 - Remote Code Execution via WebDAV PROPFIND Request
Buffer overflow in the ScStoragePathFromUrl function in the WebDAV service in Internet Information Services (IIS) 6.0 in Microsoft Windows Server 2003 R2 allows remote attackers to execute arbitrary code via a long header beginning with "If: <http://" in a PROPFIND request, as exploited in the wild in July or August 2016.
1 stars
CVSS 9.8
CVE-2015-7297 NOMISEC SCANNER
Joomla! 3.2-3.4.3 - SQL Injection
SQL injection vulnerability in Joomla! 3.2 before 3.4.4 allows remote attackers to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than CVE-2015-7858.
1 stars
CVE-2015-1635 NOMISEC CRITICAL SCANNER
MS15-034 HTTP Protocol Stack Request Handling Denial-of-Service
HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
1 stars
CVSS 9.8