Filtered by vendor Inedo Subscriptions

Search

Switch to Advanced Search (Beta)
Total 9 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-47244 1 Inedo 1 Proget 2025-05-05 7.3 High
Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information. Exploitation can occur if Anonymous access is enabled, or if there is a successful CSRF attack.
CVE-2017-14944 1 Inedo 1 Proget 2025-04-20 N/A
Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.
CVE-2017-15607 1 Inedo 1 Otter 2025-04-20 N/A
Inedo Otter before 1.7.4 has directory traversal in filesystem-based rafts via vectors involving '/' characters or initial '.' characters, aka OT-181.
CVE-2017-16521 1 Inedo 1 Buildmaster 2025-04-20 N/A
In Inedo BuildMaster before 5.8.2, XslTransform was used where XslCompiledTransform should have been used.
CVE-2017-16760 1 Inedo 1 Buildmaster 2025-04-20 N/A
Inedo BuildMaster before 5.8.2 has XSS.
CVE-2017-16761 1 Inedo 1 Buildmaster 2025-04-20 N/A
An Open Redirect vulnerability in Inedo BuildMaster before 5.8.2 allows remote attackers to redirect users to arbitrary web sites.
CVE-2017-17086 1 Inedo 1 Otter 2025-04-20 N/A
Indeo Otter through 1.7.4 mishandles a "</script>" substring in an initial DP payload, which allows remote attackers to cause a denial of service (crash) or possibly have unspecified other impact, as demonstrated by the Plan Editor.
CVE-2017-16520 1 Inedo 1 Buildmaster 2025-04-20 N/A
Inedo BuildMaster before 5.8.2 does not properly restrict creation of RequireManageAllPrivileges event listeners.
CVE-2017-15608 1 Inedo 1 Proget 2024-11-21 N/A
Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.