11 matches found
EUVD-2025-42787
Malicious code in okta-peyek83-miaww npm...
CVE-2024-42787
A Stored Cross-Site Scripting (XSS) vulnerability was found in "/music/ajax.php?action=saveplaylist" in Kashipara Music Management System v1.0. This vulnerability allows remote attackers to execute arbitrary code via the "title" and "description" parameter fields...
CVE-2023-42787
A client-side enforcement of server-side security (CWE-602) vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 may allow a remote attacker with low privileges to access a privileged web console via client-side code execution...
CVE-2022-42787

creationtimestamp | type | source
---|---|---
2025-05-01 19:14:57+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/14374...

CVE-2024-42787

creationtimestamp | type | source
---|---|---
2024-08-26 17:59:17+00:00 | seen | https://t.me/cvedetector/4165...

CVE-2023-42787
Fortinet FortiManager (versions 7.4.0 and before 7.2.3) and FortiAnalyzer (versions 7.4.0 and before 7.2.3) are affected by a client-side enforcement of server-side security vulnerability (CWE-602) that could allow a remote attacker with low privileges to access a privileged web console via clien...
CVE-2022-42787 Wiesemann & Theis: Small number space for allocating session id in Com-Server family
Multiple W&T products of the Comserver Series use a small number space for allocating session IDs. After login of a user, an unauthenticated remote attacker can brute force the user's session ID and get access to his account on the device. As the user needs to log in for the attack to be...
CVE-2022-42787
Wiesemann & Theis Comserver Series (W&T Comserver) is affected by CVE-2022-42787 due to using a small number space for session IDs. After a user logs in, an unauthenticated remote attacker can brute-force a valid session ID to gain access to the user’s account on the device. User interaction is r...
CVE-2021-42787

creationtimestamp | type | source
---|---|---
2022-03-10 20:13:11+00:00 | seen | https://t.me/cibsecurity/38666...

CVE-2021-42787 Directory Traversal Write/Delete/Partial Read at AgentConfigurationServlet
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent's DSA AgentConfigurationServlet has directory traversal vulnerabilities at the "/api/appInternals/1.0/agent/configuration" API. The affected endpoint does not have any input validation of the user's input that allows a...
CVE-2021-42787
The CVE-2021-42787 entry concerns the SteelCentral AppInternals Dynamic Sampling Agent (DSA) AgentConfigurationServlet. The vulnerability is a directory traversal flaw in the API endpoint /api/appInternals/1.0/agent/configuration, caused by lack of input validation on user input, which could enab...