CVE-2023-4852

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

CVE-2025-4852

A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-4852

A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-4852 TOTOLINK A3002R VPN Page cross site scripting

A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-4852 TOTOLINK A3002R VPN Page cross site scripting

A vulnerability, which was classified as problematic, has been found in TOTOLINK A3002R 2.1.1-B20230720.1011. This issue affects some unknown processing of the component VPN Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-4852

CVE-2025-4852 affects TOTOLINK A3002R (firmware 2.1.1-B20230720.1011) in the VPN Page component. The vulnerability is a cross-site scripting (XSS) flaw caused by improper handling of the Comment parameter. It can be triggered remotely and, per sources in PT-2025-21827 and other references, has le...

Security Bulletin: The IBM® Engineering Lifecycle Management is impacted by vulnerabilties in Apache Commons Collections

Summary Multiple vulnerabilities have been identified in Apache Commons Collections, which is used in IBM Engineering Lifecycle Management - IBM Jazz. This bulletin contains information regarding vulnerabilities and remediation actions. Vulnerability Details CVEID:CVE-2017-15708 DESCRIPTION: Apac...

SUSE: Security Advisory (SUSE-SU-2023:3934-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2023-4852

creationtimestamp| type| source ---|---|--- 2023-09-09 16:20:29+00:00| seen| https://t.me/cibsecurity/70178...

CVE-2023-4852 IBOS OA optimize sql injection

A vulnerability was found in IBOS OA 4.5.5 and classified as critical. This issue affects some unknown processing of the file ?r=dashboard/database/optimize. The manipulation leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used...

Security Bulletin: Multiple vulnerabilities of Apache common collections (commons-collections-3.2.jar) have affected APM WebSphere Application Server Agent

Summary APM WebSphere Application Server Agent is vulnerable to Apache common collections commons-collections-3.2.jar. The fix includes commons-collections-3.2.jar upgraded to commons-collections-3.2.2.jar. CVE-2015-4852, CVE-2017-15708 and CVE-2019-13116 Vulnerability Details CVEID:CVE-2015-4852...

CVE-2022-4852

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...

SUSE CVE-2015-4852

The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3 protocol traffic to TCP port 7001, related to...

Debian DSA-4852-1 : openvswitch - security update

Joakim Hindersson discovered that Open vSwitch, a software-based Ethernet virtual switch, allowed a malicious user to cause a denial-of-service by sending a specially crafted packet. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

CVE-2019-4852

...

CVE-2019-4852

CVE-2019-4852 is rejected/not used; this CVE ID does not represent an active vulnerability entry.

Oracle Weblogic Server Deserialization RCE - Raw Object (Metasploit)

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core/exploit/powershell' class MetasploitModule 'Oracle Weblogic Server Deserialization RCE - Raw Object', 'Description' = %q An unauthenticated attacker wi...

Oracle Weblogic Server Deserialization RCE - Raw Object

An unauthenticated attacker with network access to the Oracle Weblogic Server T3 interface can send a serialized object weblogic.jms.common.StreamMessageImpl to the interface to execute code on vulnerable hosts. This module requires Metasploit: https://metasploit.com/download Current source:...

CVE-2018-4852

CVE-2018-4852 affects Siemens SICLOCK TC100 and TC400 (all versions). A network attacker could bypass authentication by exploiting device-specific knowledge, potentially gaining read/modify access to configuration. NVD reports CVSSv3 base score 9.8 (CRITICAL) and CVSSv2 7.5 (HIGH); attack vector ...

CVE-2017-4852

CVE-2017-4852 is rejected/not used per the Initial Description.