Com User Security Vulnerabilities

CVE-2022-4098

Multiple Wiesemann&Theis products of the ComServer Series are prone to an authentication bypass through IP spoofing. After a user has logged in to the WBM of the Com-Server, an unauthenticated attacker in the same subnet can obtain the session ID and, through IP spoofing, change arbitrary settings by...

8 CVSS

8 AI Score

0.001 EPSS

2022-12-13 08:15 AM

CVE-2022-42787

Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After a user logs in, an unauthenticated remote attacker can brute force the user's session ID and get access to his account on the device. As the user needs to log in for the attack to be...

8.8 CVSS

8.5 AI Score

0.003 EPSS

2022-11-10 12:15 PM

CVE-2017-0298

A DCOM object in Helppane.exe in Microsoft Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016, when configured to run as the interactive user, allows an authenticated attacker...

7.3 CVSS

5.8 AI Score

0.001 EPSS

2017-06-15 01:29 AM

CVE-2009-4938

SQL injection vulnerability in the JVideo! (com_jvideo) component 0.3.11c Beta and 0.3.x for Joomla! allows remote attackers to execute arbitrary SQL commands via the user_id parameter in a user action to...

8.6 AI Score

0.001 EPSS

2010-07-22 10:00 AM

CVE-2010-1304

Directory traversal vulnerability in userstatus.php in the User Status (com_userstatus) component 1.21.16 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to...

5.6 AI Score

0.004 EPSS

2010-04-08 04:30 PM

CVE-2008-5208

SQL injection vulnerability in sub_votepic.php in the Datsogallery (com_datsogallery) module 1.6 for Joomla! allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP...

8.3 AI Score

0.001 EPSS

2008-11-24 05:30 PM

CVE-2008-3681

components/com_user/models/reset.php in Joomla! 1.5 through 1.5.5 does not properly validate reset tokens, which allows remote attackers to reset the "first enabled user (lowest id)" password, typically for the...

6.5 AI Score

0.099 EPSS

2008-08-14 07:41 PM

CVE-2008-2093

SQL injection vulnerability in the Profiler (com_comprofiler) component in Community Builder for Mambo and Joomla! allows remote attackers to execute arbitrary SQL commands via the user parameter in a userProfile action to...

8.3 AI Score

0.001 EPSS

2008-05-06 04:20 PM