Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a....
6.8CVSS
6.3AI Score
0.0004EPSS
Dell ECS Streamer, versions prior to 2.0.7.1, contain an insertion of sensitive information in log files vulnerability. A remote malicious high-privileged user could potentially exploit this vulnerability leading to exposure of this sensitive...
5.8CVSS
4.9AI Score
0.001EPSS
DELL ECS prior to 3.8.0.2 contains an improper verification of cryptographic signature vulnerability. A network attacker with an ability to intercept the request could potentially exploit this vulnerability to modify the body data of the...
7.5CVSS
7.4AI Score
0.001EPSS
EVOLUCARE ECSIMAGING (aka ECS Imaging) < 6.21.5 is vulnerable to Cross Site Scripting (XSS) via new_movie....
6.1CVSS
5.9AI Score
0.001EPSS
ECOA BAS controller stores sensitive data (backup exports) in clear-text, thus the unauthenticated attacker can remotely query user password and obtain user’s...
7.3CVSS
7.2AI Score
0.001EPSS
ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected...
7.5CVSS
7.4AI Score
0.024EPSS
ECOA BAS controller is vulnerable to weak access control mechanism allowing authenticated user to remotely escalate privileges by disclosing credentials of administrative accounts in...
8.8CVSS
8.7AI Score
0.001EPSS
ECOA BAS controller is vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. As a result of this vulnerability, attackers with general user's privilege can remotely bypass authorization and access the hidden.....
8.8CVSS
8.7AI Score
0.001EPSS
ECOA BAS controller suffers from an arbitrary file write and path traversal vulnerability. Using the POST parameters, unauthenticated attackers can remotely set arbitrary values for location and content type and gain the possibility to execute arbitrary code on the affected...
9.8CVSS
10AI Score
0.002EPSS
ECOA BAS controller suffers from an authentication bypass vulnerability. An unauthenticated attacker through cookie poisoning can remotely bypass authentication and disclose sensitive information and circumvent physical access controls in smart homes and buildings and manipulate...
9.8CVSS
9.1AI Score
0.002EPSS
ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging...
9.8CVSS
9.4AI Score
0.009EPSS
ECOA BAS controller has a Cross-Site Request Forgery vulnerability, thus authenticated attacker can remotely place a forged request at a malicious web page and execute CRUD commands (GET, POST, PUT, DELETE) to perform arbitrary operations in the...
8.8CVSS
8.8AI Score
0.001EPSS
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files disclosure. Using the specific POST parameter, unauthenticated attackers can remotely disclose arbitrary files on the affected device and disclose sensitive and system...
7.5CVSS
7.5AI Score
0.024EPSS
ECOA BAS controller uses weak set of default administrative credentials that can be easily guessed in remote password attacks and gain full control of the...
9.8CVSS
9.7AI Score
0.002EPSS
ECOA BAS controller’s special page displays user account and passwords in plain text, thus unauthenticated attackers can access the page and obtain privilege with full...
9.8CVSS
9.5AI Score
0.002EPSS
ECOA BAS controller is vulnerable to configuration disclosure when direct object reference is made to the specific files using an HTTP GET request. This will enable the unauthenticated attacker to remotely disclose sensitive information and help her in authentication bypass, privilege escalation...
9.8CVSS
9.5AI Score
0.003EPSS
ECOA BAS controller suffers from a path traversal vulnerability, causing arbitrary files deletion. Using the specific GET parameter, unauthenticated attackers can remotely delete arbitrary files on the affected device and cause denial of service...
9.1CVSS
9.2AI Score
0.001EPSS
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has multiple SQL Injection issues in the login form and the password-forgotten form (such as /req_password_user.php?email=). This allows an attacker to steal data in the database and obtain access to the application. (The database component...
9.8CVSS
9.8AI Score
0.004EPSS
EVOLUCARE ECSIMAGING (aka ECS Imaging) through 6.21.5 has an OS Command Injection vulnerability via shell metacharacters and an IFS manipulation. The parameter "file" on the webpage /showfile.php can be exploited to gain root access. NOTE: This vulnerability only affects products that are no...
9.8CVSS
9.8AI Score
0.004EPSS
A vulnerability in Jenkins ECS Publisher Plugin 1.0.0 and earlier allows attackers with Item/Extended Read permission, or local file system access to the Jenkins home directory to obtain the API token configured in this plugin's...
6.5CVSS
6.2AI Score
0.002EPSS
Dell EMC ECS versions 3.2.0.0 and 3.2.0.1 contain an authentication bypass vulnerability. A remote unauthenticated attacker could exploit this vulnerability to read and modify S3 objects by supplying specially crafted S3...
9.8CVSS
9.4AI Score
0.006EPSS