Lucene search
+L

156 matches found

Vulnrichment
Vulnrichment
added 2024/11/18 4:33 p.m.33 views

CVE-2024-47533 Cobbler allows anyone to connect to cobbler XML-RPC server with a known password and make changes

Cobbler, a Linux installation server that allows for rapid setup of network installation environments, has an improper authentication vulnerability starting in version 3.0.0 and prior to versions 3.2.3 and 3.3.7. utils.getsharedsecret always returns -1, which allows anyone to connect to cobbler...

9.8CVSS7.5AI score0.03948EPSS
Exploits6References3
CNNVD
CNNVD
added 2024/11/18 12:0 a.m.4 views

Cobbler 授权问题漏洞

Cobbler is an open source network installation server suite from Cobbler, which is used to quickly set up Linux network installation environments. An authorization issue vulnerability exists in Cobbler versions 3.0.0 through 3.2.3 and prior to 3.3.7 that stems from improper authentication,...

9.8CVSS6.4AI score0.03948EPSS
Exploits6References3
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.11 views

WordPress Ali2Woo Lite Plugin <= 3.3.5 is vulnerable to Broken Access Control

Software Ali2Woo Lite Type Plugin Vulnerable versions = 3.3.5 Fixed in 3.3.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-37210 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 02abd7b980c0 Credits Majed Refaea Required...

6.5AI score0.00269EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/27 12:0 a.m.16 views

PT-2024-23014 · Unknown · Mybooktable Bookstore

Name of the Vulnerable Software and Affected Versions: MyBookTable Bookstore versions 3.3.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This enables attackers to inject...

6.5CVSS9.2AI score0.0036EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/01 12:0 a.m.8 views

PT-2024-13860 · Stmicroelectronics · Stsafe-A1Xx +1

Name of the Vulnerable Software and Affected Versions: STMicroelectronics STSAFE-A1xx versions prior to 3.3.7 X-CUBE-SAFEA1 Software Package for STSAFE-A sample applications version 1.2.0 Description: The issue allows MCU code execution if an adversary has the ability to read from and write to th...

7.5CVSS8.2AI score0.00595EPSS
Exploits3References8
GitLab Advisory Database
GitLab Advisory Database
added 2023/08/31 12:0 a.m.5 views

Filename spoofing in archive

An issue in Archive v3.3.7 allows attackers to spoof zip filenames which can lead to inconsistent filename parsing...

7.8CVSS7.1AI score0.00321EPSS
Exploits1References8Affected Software1
CNNVD
CNNVD
added 2023/08/30 12:0 a.m.4 views

Archive 路径遍历漏洞

Archive is a Dart library for encoding and decoding various archive and compression formats such as Zip, Tar, GZip, ZLib and BZip2. A security vulnerability exists in Archive version v3.3.7 that originates from allowing an attacker to perform path traversal by extracting a carefully crafted zip...

7.8CVSS7.4AI score0.00341EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/08/30 12:0 a.m.3 views

PT-2023-26799 · Archive · Archive

Name of the Vulnerable Software and Affected Versions: Archive version 3.3.7 Description: The issue allows attackers to spoof zip filenames, leading to inconsistent filename parsing. Recommendations: For Archive version 3.3.7, consider restricting the parsing of zip filenames to minimize the risk...

7.8CVSS7.2AI score0.00321EPSS
Exploits1References11
Patchstack
Patchstack
added 2023/08/29 12:0 a.m.13 views

WordPress Order Tracking Plugin <= 3.3.6 is vulnerable to Cross Site Scripting (XSS)

Software Order Tracking Type Plugin Vulnerable versions = 3.3.6 Fixed in 3.3.7 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4471 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 29d4142f0f03 Credits Marco Wotschka...

6.1CVSS5.6AI score0.00466EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/03/10 10:15 p.m.5 views

CVE-2023-23328

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...

8.8CVSS7.3AI score0.01011EPSS
Exploits1References2
OSV
OSV
added 2023/03/10 10:15 p.m.6 views

CVE-2023-23326

A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...

5.4CVSS6.2AI score0.00487EPSS
Exploits1References2
Prion
Prion
added 2023/03/10 10:15 p.m.12 views

Unrestricted file upload

A File Upload vulnerability exists in AvantFAX 3.3.7. An authenticated user can bypass PHP file type validation in FileUpload.php by uploading a specially crafted PHP file...

6.5CVSS8.5AI score0.01011EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/03/10 12:0 a.m.5 views

PT-2023-18908 · Avantfax · Avantfax

Name of the Vulnerable Software and Affected Versions: AvantFAX version 3.3.7 Description: A Stored Cross-Site Scripting XSS issue exists, allowing an authenticated low-privilege user to inject arbitrary Javascript into their e-mail address. This code is executed when an administrator logs in to...

5.4CVSS5.9AI score0.00487EPSS
Exploits1References5
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.5 views

iFAX AvantFAX 信息泄露漏洞

iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from an information disclosure vulnerability where backups of...

4.9CVSS5.4AI score0.00818EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/03/10 12:0 a.m.23 views

CVE-2023-23326

A Stored Cross-Site Scripting XSS vulnerability exists in AvantFAX 3.3.7. An authenticated low privilege user can inject arbitrary Javascript into their e-mail address which is executed when an administrator logs into AvantFAX to view the admin dashboard. This may result in stealing an...

5.3AI score0.00487EPSS
Exploits1References1
CVE
CVE
added 2023/03/10 12:0 a.m.55 views

CVE-2023-23326

AvantFAX 3.3.7 contains a Stored Cross-Site Scripting (XSS) vulnerability. An authenticated low-privilege user can inject arbitrary JavaScript into their email address, which is executed when an administrator logs in to view the admin dashboard, potentially enabling theft of the administrator’s s...

5.4CVSS5.1AI score0.00487EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/03/10 12:0 a.m.6 views

iFAX AvantFAX 代码问题漏洞

iFAX AvantFAX is a web application from iFAX Corporation that allows users to view and send faxes on any platform without the need to install special software. A security vulnerability exists in iFAX AvantFAX version 3.3.7, which stems from a file upload vulnerability that can be exploited by an...

8.8CVSS8AI score0.01011EPSS
Exploits1References3
CVE
CVE
added 2023/03/10 12:0 a.m.58 views

CVE-2023-23327

Summary (concrete facts): CVE-2023-23327 affects AvantFAX 3.3.7, where backups of sent/received faxes and database backups are stored on the web server with the current date as filenames and without access controls, enabling potential information disclosure. Multiple connected sources corroborate...

4.9CVSS5AI score0.00818EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2022/09/08 8:15 a.m.3 views

CVE-2022-38094

OS command injection vulnerability in the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...

8.8CVSS6AI score0.01525EPSS
Exploits0References2
OSV
OSV
added 2022/09/08 8:15 a.m.5 views

CVE-2022-34869

Undocumented hidden command that can be executed from the telnet function of CentreCOM AR260S V2 firmware versions prior to Ver.3.3.7 allows a remote authenticated attacker to execute an arbitrary OS command...

8.8CVSS6AI score0.00986EPSS
Exploits0References2
Rows per page
Query Builder