Lucene search
+L

69 matches found

Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.5 views

PT-2024-20980 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the idlist parameter at the "/WorkFlow/wf work print.aspx" API endpoint. This allows for potential exploitation. Recommendations: For versions 6.01...

9.8CVSS7.4AI score0.00696EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/05/08 12:0 a.m.4 views

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the lack of validation of the templateid parameter of the /WorkFlow/wfgetfieldsapprove.aspx file against externally entered SQL statements. An attacker ca...

9.4CVSS8.2AI score0.00618EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/08 12:0 a.m.10 views

PT-2024-20984 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the file id parameter at the "/filemanage/file memo.aspx" API endpoint. This allows for potential exploitation. Recommendations: For versions 6.01 throu...

9.8CVSS7.5AI score0.00696EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.9 views

PT-2024-20974 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: A SQL injection issue was discovered via the attach id parameter at the "/Bulletin/AttachDownLoad.aspx" API endpoint. This allows for potential exploitation. Recommendations: For versions 6.01...

8.1CVSS7.5AI score0.00533EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.4 views

PT-2024-20973 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/AddressBook/address public new.aspx" API endpoint. Recommendations: For...

9.4CVSS7.4AI score0.00617EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.5 views

PT-2024-20972 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/AddressBook/address public show.aspx" API endpoint. Recommendations: For...

9.8CVSS7.7AI score0.00695EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/05/07 12:0 a.m.3 views

RuvarOA 安全漏洞

RuvarOA is an office automation system of Ruvar China. A SQL injection vulnerability exists in RuvarOA v6.01 and v12.01, which originates from the id parameter of the /bulletin/bulletintemplateshow.aspx file that lacks validation of externally entered SQL statements. An attacker can exploit this...

9.8CVSS8.2AI score0.00695EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.6 views

PT-2024-20975 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the file id parameter at the "/CorporateCulture/kaizen download.aspx" API endpoint. Recommendation...

7.8CVSS7.7AI score0.00315EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/05/07 12:0 a.m.6 views

PT-2024-20976 · Ruvaroa · Ruvaroa

Name of the Vulnerable Software and Affected Versions: RuvarOA versions 6.01 through 12.01 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the template id parameter at the "/SysManage/wf template child field list.aspx" API endpoint...

9.4CVSS7.4AI score0.00558EPSS
Exploits1References4
Prion
Prion
added 2023/05/30 8:15 a.m.23 views

Cross site scripting

The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

4.9CVSS5.3AI score0.00444EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/30 7:49 a.m.8 views

CVE-2022-4676 OSM – OpenStreetMap <= 6.01 - Contributor+ Stored XSS via Shortcode

The OSM WordPress plugin through 6.01 does not validate and escape some of its shortcode attributes, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attack...

6.1AI score0.00444EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/05/30 12:0 a.m.3 views

WordPress plugin OSM 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00444EPSS
Exploits2References2
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.23 views

NewStart CGSL MAIN 6.01 : tigervnc Multiple Vulnerabilities (NS-SA-2020-0032)

The remote NewStart CGSL host, running version MAIN 6.01, has tigervnc packages installed that are affected by multiple vulnerabilities: - TigerVNC version prior to 1.10.1 is vulnerable to stack use-after-return, which occurs due to incorrect usage of stack memory in ZRLEDecoder. If decoding...

7.2CVSS7.7AI score0.04773EPSS
Exploits5References6
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.47 views

NewStart CGSL MAIN 6.01 : python-pip Multiple Vulnerabilities (NS-SA-2020-0035)

The remote NewStart CGSL host, running version MAIN 6.01, has python-pip packages installed that are affected by multiple vulnerabilities: - The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA...

9.8CVSS7AI score0.07443EPSS
Exploits3References5
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.46 views

NewStart CGSL MAIN 6.01 : unbound Multiple Vulnerabilities (NS-SA-2020-0037)

The remote NewStart CGSL host, running version MAIN 6.01, has unbound packages installed that are affected by multiple vulnerabilities: - Unbound 1.6.4 through 1.9.4 contain a vulnerability in the ipsec module that can cause shell code execution after receiving a specially crafted answer. This...

7.5CVSS6.8AI score0.03588EPSS
Exploits1References4
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.46 views

NewStart CGSL MAIN 6.01 : sqlite Multiple Vulnerabilities (NS-SA-2020-0031)

The remote NewStart CGSL host, running version MAIN 6.01, has sqlite packages installed that are affected by multiple vulnerabilities: - SQLite3 from 3.6.0 to and including 3.27.2 is vulnerable to heap out-of-bound read in the rtreenode function when handling invalid rtree tables. CVE-2019-8457 -...

9.8CVSS7.2AI score0.45426EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.36 views

NewStart CGSL MAIN 6.01 : kernel Multiple Vulnerabilities (NS-SA-2020-0030)

The remote NewStart CGSL host, running version MAIN 6.01, has kernel packages installed that are affected by multiple vulnerabilities: - A flaw was found in the Linux kernel's NFS implementation, all versions 3.x and all versions 4.x up to 4.20. An attacker, who is able to mount an exported NFS...

9.8CVSS6.8AI score0.05845EPSS
Exploits1References18
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.27 views

NewStart CGSL MAIN 6.01 : pcp Multiple Vulnerabilities (NS-SA-2020-0032)

The remote NewStart CGSL host, running version MAIN 6.01, has pcp packages installed that are affected by multiple vulnerabilities: - libpcp in Performance Co-Pilot PCP before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via 1 a PDU with the...

5CVSS6.4AI score0.05753EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.22 views

NewStart CGSL MAIN 6.01 : gnutls Vulnerability (NS-SA-2020-0033)

The remote NewStart CGSL host, running version MAIN 6.01, has gnutls packages installed that are affected by a vulnerability: - GnuTLS 3.6.x before 3.6.13 uses incorrect cryptography for DTLS. The earliest affected version is 3.6.3 2018-07-16 because of an error in a 2017-10-06 commit. The DTLS...

7.4CVSS6.9AI score0.03388EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2020/07/21 12:0 a.m.29 views

NewStart CGSL MAIN 6.01 : zziplib Vulnerability (NS-SA-2020-0034)

The remote NewStart CGSL host, running version MAIN 6.01, has zziplib packages installed that are affected by a vulnerability: - Directory traversal vulnerability in ZZIPlib 0.13.69 allows attackers to overwrite arbitrary files via a .. dot dot in a zip file, because of the function unzzipcat in...

5.8CVSS6.1AI score0.01538EPSS
Exploits1References2
Rows per page
Query Builder