Lucene search
K

11 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:52 p.m.5 views

CVE-2021-34878

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS6.9AI score0.01945EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/06/14 12:0 a.m.23 views

CVE-2023-34878

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...

7.7AI score0.00703EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/06/14 12:0 a.m.8 views

CVE-2023-34878

An issue was discovered in Ujcms v6.0.2 allows attackers to gain sensitive information via the dir parameter to /api/backend/core/web-file-html/download-zip...

6.7AI score0.00703EPSS
Exploits1References1
CVE
CVE
added 2023/06/14 12:0 a.m.49 views

CVE-2023-34878

CVE-2023-34878 affects Ujcms v6.0.2, where the dir parameter in the endpoint "/api/backend/core/web-file-html/download-zip" can cause leakage of sensitive information. The CVSS v3.1 base score is 7.5 (HIGH) with NETWORK access, LOW attack complexity, NONE privileges, NONE user interaction, and CO...

7.5CVSS7.5AI score0.00703EPSS
Exploits1References1Affected Software1
Circl
Circl
added 2022/09/22 3:12 p.m.9 views

CVE-2022-34878

creationtimestamp| type| source ---|---|--- 2022-09-22 15:12:31+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/vicidialmultiplesqli.rb 2023-01-02 09:02:10+00:00| seen| https://t.me/cibsecurity/45605 2025-02-06 03:13:45+00:00| seen|...

9CVSS8.2AI score0.02726EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/07/05 3:40 p.m.30 views

CVE-2022-34878 VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/user_stats.php.

SQL Injection vulnerability in User Stats interface /vicidial/userstats.php of VICIdial via the filedownload parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailable, and beco...

5.5CVSS9.1AI score0.02726EPSS
Exploits1References2
CVE
CVE
added 2022/07/05 3:40 p.m.78 views

CVE-2022-34878

CVE-2022-34878 affects VICIdial (notably VICIdial 2.14b0.5 and related builds) via an authenticated SQL injection in the /vicidial/user_stats.php file_download parameter. Connected docs confirm concrete exploitation: multiple authenticated SQLi paths and a module exploiting this (e.g., VICIdial M...

9CVSS7.3AI score0.02726EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/01/13 10:15 p.m.3 views

CVE-2021-34878

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Bentley View 10.15.0.75. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsin...

7.8CVSS7.5AI score0.01945EPSS
Exploits0References2
CVE
CVE
added 2022/01/13 9:43 p.m.60 views

CVE-2021-34878

Bentley View 10.15.0.75 is affected by CVE-2021-34878 due to a vulnerability in JT file parsing that can trigger a write past the end of an allocated buffer, allowing remote code execution. The attack requires user interaction (visiting a malicious page or opening a malicious JT file) and leverag...

7.8CVSS7.8AI score0.01945EPSS
Exploits0References2Affected Software2
CVE
CVE
added 1976/01/01 12:0 a.m.6 views

CVE-2025-34878

CVE-2025-34878 is rejected/not used and does not represent an active vulnerability entry.

6.6AI score
Exploits0
Cvelist
Cvelist
added 1976/01/01 12:0 a.m.24 views

CVE-2025-34878

...

Exploits0
Rows per page
Query Builder