26 matches found
EUVD-2020-6143
Malware in sbrugna...
EUVD-2020-6142
Malware in sbrugna...
CVE-2020-13968
CRK Business Platform <= 2019.1 allows an attacker to inject SQL statements against the DB on any path using the 'strSessao' parameter...
CVE-2020-13969
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent...
The vulnerability of the software platform for developing and managing Adobe Commerce B2B stores relates to deficiencies in authentication mechanisms, allowing attackers to circumvent existing security restrictions.
The vulnerability of the software platform for developing and managing Adobe Commerce B2B is related to deficiencies in authentication mechanisms. Exploiting this vulnerability could allow a malicious actor to circumvent existing security restrictions remotely...
CVE-2023-50423 Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud-pysec)
SAP BTP Security Services Integration Library Python sap-xssec - versions 4.1.0, allow under certain conditions an escalation of privileges. On successful exploitation, an unauthenticated attacker can obtain arbitrary permissions within the application...
Cross site scripting
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, an attacker could carry out XSS attacks by tampering with the parameters, affecting the operations of valid users. This affects:...
CVE-2021-21738
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, an attacker could carry out XSS attacks by tampering with the parameters, affecting the operations of valid users. This affects:...
File Upload Vulnerability in e-office Panmicro Collaboration Office System
e-cology is a collaborative business platform with enterprise information portal, knowledge management, data center, workflow management, human resource management, customer and partner management, project management, financial management, and asset management functions. A file upload vulnerabili...
Directory Traversal Vulnerability in Collaborative Business Platform of Guangzhou Consulting Technology Co.
Guangzhou Consultative Technology Co., Ltd. specializes in large-scale manufacturing product development and management of collaborative business software consulting and services. A directory traversal vulnerability exists in the collaborative business platform of Guangzhou Consultative Technolog...
CVE-2020-13968
CRK Business Platform <= 2019.1 allows an attacker to inject SQL statements against the DB on any path using the 'strSessao' parameter...
CVE-2020-13969
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent...
CVE-2020-13969
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent...
CVE-2020-13968
CRK Business Platform <= 2019.1 allows an attacker to inject SQL statements against the DB on any path using the 'strSessao' parameter...
Cross site scripting
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent...
Code injection
CRK Business Platform <= 2019.1 allows an attacker to inject SQL statements against the DB on any path using the 'strSessao' parameter...
CVE-2020-13969
CRK Business Platform <= 2019.1 allows reflected XSS via erro.aspx on 'CRK', 'IDContratante', 'Erro', or 'Mod' parameter. This is path-independent...
CVE-2020-13969
CVE-2020-13969 affects CRK Business Platform <= 2019.1 and is caused by a reflected XSS in erro.aspx through the parameters CRK, IDContratante, Erro, or Mod. The vulnerability is path-independent, meaning the attack could be triggered regardless of URL path. Related entries (NVD, Red Hat, EUVD...
CVE-2020-13968
CRK Business Platform <= 2019.1 allows an attacker to inject SQL statements against the DB on any path using the 'strSessao' parameter...
CVE-2020-13968
CRK Business Platform <= 2019.1 is vulnerable to SQL injection via the strSessao parameter on any path, allowing the attacker to inject statements against the database. The root cause is unauthenticated input in the strSessao parameter that is not properly sanitized before being used in SQL st...