Lucene search
K

80 matches found

NVD
NVD
added 2025/10/17 7:15 p.m.3 views

CVE-2025-11908

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

8.8CVSS0.00454EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/10/17 6:32 p.m.3 views

CVE-2025-11909 Shenzhen Ruiming Technology Streamax Crocus RepairRecord.do queryLast sql injection

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

6.5CVSS6.5AI score0.0045EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/17 6:32 p.m.11 views

CVE-2025-11909 Shenzhen Ruiming Technology Streamax Crocus RepairRecord.do queryLast sql injection

A weakness has been identified in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is the function queryLast of the file /RepairRecord.do?Action=QueryLast. Executing manipulation of the argument orderField can lead to sql injection. The attack may be performed from remote...

6.5CVSS0.0045EPSS
Exploits1References4
CVE
CVE
added 2025/10/17 6:32 p.m.9 views

CVE-2025-11909

CVE-2025-11909 affects Shenzhen Ruiming Technology Streamax Crocus (v1.3.40). The vulnerable element is the function queryLast in /RepairRecord.do?Action=QueryLast, where manipulating the argument orderField enables SQL injection. The flaw can be exploited remotely and public PoCs exist. Affected...

8.8CVSS6.5AI score0.0045EPSS
Exploits1References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/10/17 6:32 p.m.3 views

CVE-2025-11908 Shenzhen Ruiming Technology Streamax Crocus FileDir.do uploadFile unrestricted upload

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

6.5CVSS6.4AI score0.00454EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/10/17 6:32 p.m.10 views

CVE-2025-11908 Shenzhen Ruiming Technology Streamax Crocus FileDir.do uploadFile unrestricted upload

A security flaw has been discovered in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element is the function uploadFile of the file /FileDir.do?Action=Upload. Performing manipulation of the argument File results in unrestricted upload. The attack is possible to be carried out...

6.5CVSS0.00454EPSS
Exploits1References4
CVE
CVE
added 2025/10/17 6:32 p.m.12 views

CVE-2025-11908

The CVE-2025-11908 entry describes a remote, unrestricted file-upload flaw in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The vulnerable component is the uploadFile function under the endpoint /FileDir.do?Action=Upload; malicious manipulation of the File argument enables unrestricted file...

8.8CVSS6.4AI score0.00454EPSS
Exploits1References4Affected Software1
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.4 views

Streamax Crocus SQL注入漏洞

Streamax Crocus is a system used by China Ruiming Streamax to reduce commercial vehicles to reduce traffic accidents and cargo loss. A SQL injection vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter orderField in the file...

8.8CVSS6.9AI score0.0045EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.4 views

Streamax Crocus 路径遍历漏洞

Streamax Crocus is a system used by China Ruiming Streamax to reduce commercial vehicles to reduce traffic accidents and cargo loss. A path traversal vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter Path in the file /Service.do, and...

6.5CVSS4.8AI score0.00783EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.6 views

Streamax Crocus SQL注入漏洞

Streamax Crocus is a system used by China Ruiming Streamax to reduce commercial vehicles to reduce traffic accidents and cargo loss. A SQL injection vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter orderField in the file...

8.8CVSS6.9AI score0.0045EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.3 views

Streamax Crocus SQL注入漏洞

Streamax Crocus is a system used by China Ruiming Streamax to reduce commercial vehicles to reduce traffic accidents and cargo loss. A SQL injection vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter orderField in the file...

8.8CVSS6.9AI score0.0045EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.4 views

Streamax Crocus 代码问题漏洞

Streamax Crocus is a system used by China Ruiming Streamax to reduce commercial vehicles to reduce traffic accidents and cargo loss. A code issue vulnerability exists in Streamax Crocus version 1.3.40, which stems from an incorrect manipulation of the parameter File in File/FileDir.do and could...

8.8CVSS6.7AI score0.00454EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.2 views

Streamax Crocus SQL注入漏洞

Streamax Crocus is a system used by China Ruiming Streamax to reduce commercial vehicles to reduce traffic accidents and cargo loss. A SQL injection vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter sortField in the file...

8.8CVSS6.9AI score0.0045EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/10/17 12:0 a.m.3 views

Streamax Crocus 路径遍历漏洞

Streamax Crocus is a system used by China Ruiming Streamax to reduce commercial vehicles to reduce traffic accidents and cargo loss. A path traversal vulnerability exists in Streamax Crocus version 1.3.40, which stems from incorrect manipulation of the parameter FilePath in the file...

7.5CVSS4.8AI score0.00813EPSS
Exploits1References5
CNVD
CNVD
added 2021/06/02 12:0 a.m.1 views

Weak password vulnerability in Crocus

Crocus is an energy data analytics platform. Crocus suffers from a weak password vulnerability that can be exploited by attackers to obtain sensitive information...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/12/09 9:42 p.m.8 views

crocus-hall.ru XSS vulnerability

Open Bug Bounty ID: OBB-709464 Description| Value ---|--- Affected Website:| crocus-hall.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...

0.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/02/11 1:47 p.m.11 views

crocus-hall.ru XSS vulnerability

Open Bug Bounty ID: OBB-557212 Description| Value ---|--- Affected Website:| crocus-hall.ru Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden until disclosure Disclosure Standard:| Coordinated Disclosure based on ISO 2914...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2018/02/09 9:48 p.m.7 views

crocus-hall.ru XSS vulnerability

Open Bug Bounty ID: OBB-556051 Description| Value ---|--- Affected Website:| crocus-hall.ru Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/11/11 12:7 a.m.11 views

crocus-hall.ru XSS vulnerability

Open Bug Bounty ID: OBB-407833 Description| Value ---|--- Affected Website:| crocus-hall.ru Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat...

6.3AI score
Exploits0
Openbugbounty
Openbugbounty
added 2016/07/08 1:29 p.m.13 views

crocus-expo.ru Open Redirect vulnerability

Vulnerable URL: http://www.crocus-expo.ru/bitrix/rk.php?goto=http://openbugbounty.org Details: Description| Value ---|--- Patched:| Yes, at 27.07.2017 Latest check for patch:| 27.07.2017 10:31 GMT Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 312569 VIP...

6.9AI score
Exploits0
Rows per page
Query Builder