67 matches found
CVE-2023-4852
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-4852
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...
CVE-2025-4852
CVE-2025-4852 affects TOTOLINK A3002R (firmware 2.1.1-B20230720.1011) in the VPN Page component. The vulnerability is a cross-site scripting (XSS) flaw caused by improper handling of the Comment parameter. It can be triggered remotely and, per sources in PT-2025-21827 and other references, has le...
CVE-2025-4852 TOTOLINK A3002R VPN Page cross site scripting
A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...
Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilities in Apache Commons Collections
Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...
SUSE: Security Advisory (SUSE-SU-2023:3934-1)
The remote host is missing an update for the...
CVE-2023-4852
creationtimestamp | type | source
---|---|---
2023-09-09 16:20:29+00:00 | seen | https://t.me/cibsecurity/70178...
CVE-2023-4852 IBOS OA optimize sql injection
A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...
Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent
Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...
CVE-2022-4852
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
SUSE CVE-2015-4852
The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...
Debian DSA-4852-1 : openvswitch - security update
Joakim Hindersson discovered that Open vSwitch, a software-based Ethernet virtual switch, allowed a malicious user to cause a denial-of-service by sending a specially crafted packet. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...
CVE-2019-4852
CVE-2019-4852 is rejected/not used; this CVE ID does not represent an active vulnerability entry.
Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - Raw Object', 'Description' = %q An unauthenticated attacker wi...
Oracle Weblogic Server Deserialization RCE - Raw Object
An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object weblogic.jms.common.StreamMessageImpl to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...
CVE-2018-4852
CVE-2018-4852 affects Siemens SICLOCK TC100 and TC400 (all versions). A network attacker could bypass authentication by exploiting device-specific knowledge, potentially gaining read/modify access to configuration. NVD reports CVSSv3 base score 9.8 (CRITICAL) and CVSSv2 7.5 (HIGH); attack vector ...
CVE-2017-4852
CVE-2017-4852 is rejected/not used per the Initial Description.