CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a cross-site scripting (XSS) vulnerability.
A crafted HTTP packet with a -1 content-length header can create a denial-of-service condition in Softing Secure Integration Server V1.22.
BigAnt Software BigAnt Server v5.6.06 was discovered to contain a Cross-Site Request Forgery (CSRF).
BigAnt Software BigAnt Server v5.6.06 was discovered to utilize weak password hashes.
BigAnt Software BigAnt Server v5.6.06 was discovered to be vulnerable to directory traversal attacks.
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control issues.
BigAnt Software BigAnt Server v5.6.06 was discovered to contain incorrect access control.
The Hyland Onbase Application Server releases prior to 20.3.58.1000 and OnBase releases 21.1.1.1000 through 21.1.15.1000 are vulnerable to a username enumeration vulnerability. An attacker can obtain valid users based on the response returned for invalid and valid users by sending a POST login request to the /mobilebroker/ServiceToBroker.svc/Json/Connect endpoint. This can lead to user enumeration against the underlying Active Directory integrated systems.
Joplin 2.6.10 allows remote attackers to execute system commands through malicious code in user search results.
The application searches for a library dll that is not found. If an attacker can place a dll with this name, then the attacker can leverage it to execute arbitrary code on the targeted Softing Secure Integration Server V1.22.
