
CVE-2018-1000623
https://notcve.org/view.php?id=CVE-2018-1000623
09 Jul 2018 — JFrog Artifactory versions since 4.0.0 and prior to 6.0.3 contain a directory traversal vulnerability in the "Import Repository from Zip" feature, available through the Admin menu -> Import & Export -> Repositories. The feature triggers a vulnerable UI REST endpoint (/ui/artifactimport/upload), which can result in directory traversal / file overwrite and remote code execution. This attack appears to be exploitable by an attacker with Admin privileges, who may use the aforementioned UI endpoint and exploit t... • https://www.jfrog.com/confluence/display/RTF/Release+Notes#ReleaseNotes-Artifactory6.0.3 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVE-2016-10036 – Jfrog Artifactory < 4.16 - Arbitrary File Upload / Remote Command Execution
https://notcve.org/view.php?id=CVE-2016-10036
26 Apr 2018 — Unrestricted file upload vulnerability in ui/artifact/upload in JFrog Artifactory before 4.16 allows remote attackers to (1) deploy an arbitrary servlet application and execute arbitrary code by uploading a war file or (2) possibly write to arbitrary files and cause a denial of service by uploading an HTML file. • https://packetstorm.news/files/id/147378 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVE-2016-6501
https://notcve.org/view.php?id=CVE-2016-6501
09 Dec 2016 — JFrog Artifactory before 4.11 allows remote attackers to execute arbitrary code via an LDAP attribute with a crafted serialized Java object, aka LDAP entry poisoning. • http://www.securityfocus.com/bid/94855 • CWE-20: Improper Input Validation •