84 matches found

OSV
added 2022/11/16 10:15 p.m. · 6 views

CVE-2022-44007

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...

8.8 CVSS · 5.8 AI score · 0.00804 EPSS
Exploits 1 · References 2
OSV
added 2022/11/16 10:15 p.m. · 6 views

CVE-2022-44008

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...

6.5 CVSS · 5.9 AI score · 0.0082 EPSS
Exploits 1 · References 1
NVD
added 2022/11/16 10:15 p.m. · 24 views

CVE-2022-44007

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...

8.8 CVSS · 0.00804 EPSS
Exploits 1 · References 2
NVD
added 2022/11/16 10:15 p.m. · 13 views

CVE-2022-43999

An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...

9.8 CVSS · 0.00949 EPSS
Exploits 1 · References 2
OSV
added 2022/11/16 10:15 p.m. · 3 views

CVE-2022-43999

An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...

9.8 CVSS · 5.9 AI score · 0.00949 EPSS
Exploits 1 · References 2
Prion
added 2022/11/16 10:15 p.m. · 17 views

Session fixation

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an unsafe implementation of session tracking, it is possible for an attacker to trick users into opening an authenticated user session for a session identifier known to the attacker, aka Session Fixation...

6.8 CVSS · 8.5 AI score · 0.00804 EPSS
Exploits 1 · References 2 · Affected Software 1
Prion
added 2022/11/16 10:15 p.m. · 21 views

Input validation

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...

4 CVSS · 6.4 AI score · 0.0082 EPSS
Exploits 1 · References 1 · Affected Software 1
Prion
added 2022/11/16 10:15 p.m. · 13 views

Code injection

An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...

7.5 CVSS · 9.4 AI score · 0.00949 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2022/11/16 12:0 a.m. · 5 views

PT-2022-27064 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to insufficient output encoding of user-supplied data, making the web application vulnerable to cross-site scripting (XSS) at various locations. Recommendations: For...

6.1 CVSS · 6 AI score · 0.00353 EPSS
Exploits 0 · References 4
Vulnrichment
added 2022/11/16 12:0 a.m. · 10 views

CVE-2022-44002

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient output encoding of user-supplied data, the web application is vulnerable to cross-site scripting (XSS) at various locations...

5.9 AI score · 0.00353 EPSS
Exploits 0 · References 1
Vulnrichment
added 2022/11/16 12:0 a.m. · 7 views

CVE-2022-43999

An issue was discovered in BACKCLICK Professional 5.9.63. Due to exposed CORBA management services, arbitrary system commands can be executed on the server...

7.2 AI score · 0.00949 EPSS
Exploits 1 · References 2
Vulnrichment
added 2022/11/16 12:0 a.m. · 7 views

CVE-2022-44006

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation or sanitization of upload filenames, an externally reachable, unauthenticated update function permits writing files outside the intended target location. Achieving remote code execution is possible, e.g., by...

8 AI score · 0.01877 EPSS
Exploits 1 · References 2
Vulnrichment
added 2022/11/16 12:0 a.m. · 6 views

CVE-2022-44008

An issue was discovered in BACKCLICK Professional 5.9.63. Due to improper validation, arbitrary local files can be retrieved by accessing the back-end Tomcat server directly...

6.8 AI score · 0.0082 EPSS
Exploits 1 · References 1
Positive Technologies
added 2022/11/16 12:0 a.m. · 3 views

PT-2022-27069 · Unknown · Backclick Professional

Name of the Vulnerable Software and Affected Versions: BACKCLICK Professional version 5.9.63 Description: An issue was discovered due to an unsafe implementation of session tracking, making it possible for an attacker to trick users into opening an authenticated user session for a session...

8.8 CVSS · 6.8 AI score · 0.00804 EPSS
Exploits 1 · References 5
Cvelist
added 2022/11/16 12:0 a.m. · 20 views

CVE-2022-44003

An issue was discovered in BACKCLICK Professional 5.9.63. Due to insufficient escaping of user-supplied input, the application is vulnerable to SQL injection at various locations...

10 AI score · 0.01488 EPSS
Exploits 1 · References 2
CNNVD
added 2022/11/16 12:0 a.m. · 4 views

BACKCLICK security vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which stems from the use of consecutive IDs in the validation link, the...

5.3 CVSS · 5.8 AI score · 0.00612 EPSS
Exploits 1 · References 4
Cvelist
added 2022/11/16 12:0 a.m. · 27 views

CVE-2022-44005

An issue was discovered in BACKCLICK Professional 5.9.63. Due to the use of consecutive IDs in verification links, the newsletter sign-up functionality is vulnerable to the enumeration of subscribers' e-mail addresses. Furthermore, it is possible to subscribe and verify other persons' e-mail...

5.6 AI score · 0.00612 EPSS
Exploits 1 · References 2
CNNVD
added 2022/11/16 12:0 a.m. · 3 views

BACKCLICK path traversal vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63, which originates from improper authentication, and can be exploited by an...

6.5 CVSS · 6.7 AI score · 0.0082 EPSS
Exploits 1 · References 3
CNNVD
added 2022/11/16 12:0 a.m. · 3 views

BACKCLICK cross-site scripting vulnerability

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure, and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional 5.9.63, which stems from insufficient output encoding of user-supplied data allowing an attacker...

6.1 CVSS · 5.6 AI score · 0.00353 EPSS
Exploits 0 · References 3
Vulnrichment
added 2022/11/16 12:0 a.m. · 4 views

CVE-2022-44000

An issue was discovered in BACKCLICK Professional 5.9.63. Due to an exposed internal communications interface, it is possible to execute arbitrary system commands on the server...

7.7 AI score · 0.00949 EPSS
Exploits 1 · References 2