CVE-2017-20113 – TrueConf Server Stored cross site scripting
https://notcve.org/view.php?id=CVE-2017-20113
A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.96627 https://www.exploit-db.com/exploits/41184 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVE-2021-41810 – Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool
https://notcve.org/view.php?id=CVE-2021-41810
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable La herramienta de administración permite almacenar datos de configuración con un script que puede ser ejecutado por otro administrador de la bóveda. Requiere autenticación a nivel de administrador de la bóveda y no es explotable remotamente • https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2021-31816
https://notcve.org/view.php?id=CVE-2021-31816
When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. Cuando se configura Octopus Server, si está configurado con una base de datos SQL externa, en la configuración inicial la contraseña de la base de datos se escribe en el archivo de registro OctopusServer.txt en texto plano • https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31816%29.2121793537.html • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2021-30183
https://notcve.org/view.php?id=CVE-2021-30183
Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. Un almacenamiento de texto sin cifrar de información confidencial en múltiples versiones de Octopus Server, donde en determinadas situaciones cuando se ejecutan procesos de importación o exportación, la contraseña usada para cifrar y descifrar valores confidenciales se escribiría en los registros en texto plano • https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html https://github.com/OctopusDeploy/Issues • CWE-312: Cleartext Storage of Sensitive Information •
CVE-2018-1000881
https://notcve.org/view.php?id=CVE-2018-1000881
Traccar Traccar Server version 4.0 and earlier contains a CWE-94: Improper Control of Generation of Code ('Code Injection') vulnerability in ComputedAttributesHandler.java that can result in Remote Command Execution. This attack appear to be exploitable via Remote: web application request by a self-registered user. This vulnerability appears to have been fixed in 4.1 and later. Traccar Traccar Server, en versiones 4.0 y anteriores, contiene una vulnerabilidad CWE-94: control incorrecto de la generación de código ("inyección de código") en ComputedAttributesHandler.java que puede resultar en la ejecución remota de comandos. El ataque parece ser explotable mediante una petición web remota realizada por un usuario autorregistrado. • https://appcheck-ng.com/advisory-remote-code-execution-traccar-server • CWE-94: Improper Control of Generation of Code ('Code Injection') •