Lucene search
K

243 matches found

SUSE CVE
SUSE CVE
added 2023/02/15 5:47 a.m.4 views

SUSE CVE-2012-1763

Unspecified vulnerability in the Oracle Clinical/Remote Data Capture component in Oracle Industry Applications 4.6.0 and 4.6.2 allows remote authenticated users to affect confidentiality, related to HTML Surround...

4CVSS6.5AI score0.01136EPSS
Exploits0References3
CVE
CVE
added 2022/12/08 10:14 p.m.69 views

CVE-2022-41947

CVE-2022-41947 describes a cross-site scripting (XSS) vulnerability in DHIS 2 core where an authenticated user can upload a file containing embedded JavaScript, which could be triggered when another authenticated user opens the file in a browser. Affected versions are DHIS 2 prior to 2.36.12.1, 2...

5.4CVSS5.2AI score0.00351EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/12/08 10:14 p.m.30 views

CVE-2022-41947 Cross-site Scripting with user-uploaded files in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Through various features of DHIS2, an authenticated user may be able to upload a file which includes embedded javascript. The user could then potentially trick another authenticated...

5.4CVSS5.4AI score0.00351EPSS
Exploits0References2
CVE
CVE
added 2022/12/08 9:57 p.m.73 views

CVE-2022-41949

CVE-2022-41949 affects DHIS 2 core. An authenticated DHIS2 user can craft a request that makes the server fetch external resources, enabling a semi‑blind Server-Side Request Forgery (SSRF) in the dhis2-core component. This can allow an attacker to identify vulnerable services not publicly exposed...

5CVSS4.5AI score0.004EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/12/08 9:57 p.m.22 views

CVE-2022-41949 Semi-blind Server-Side Request Forgery in dhis2-core

DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. In affected versions an authenticated DHIS2 user can craft a request to DHIS2 to instruct the server to make requests to external resources like third party servers. This could allow...

5CVSS4.6AI score0.004EPSS
Exploits0References4
Huntr
Huntr
added 2022/08/08 10:45 p.m.9 views

Modify other people's articles by modifying the data package

Description The program does not check whether the originator of the request has this permission. I can modify the content of other people's articles and even modify the content by capturing data packets, even if I am not the owner of the article, even if I do not have permission in this respect...

0.3AI score
Exploits0References1
Huntr
Huntr
added 2022/06/07 10:15 p.m.24 views

Account Takeover via Webhook Handlebars + API Reset Password

Description Through the Webhook functionality, the attacker is able to use Handlebars to capture sensitive user data. Capturing the emailverificationtoken, which through the API I found the PasswordForget function, enabling account takeover via password reset. Steps 1. - Create Table 2. - Select...

6.8CVSS0.3AI score0.01359EPSS
Exploits1
OSV
OSV
added 2022/06/01 5:20 p.m.29 views

CVE-2022-24848 SQL Injection in DHIS2's in OrgUnit program association

DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...

8.8CVSS8.7AI score0.01064EPSS
Exploits0References6
CVE
CVE
added 2022/06/01 5:20 p.m.739 views

CVE-2022-24848

DHIS2 SQL Injection (CVE-2022-24848) affects the API endpoint /api/programs/orgUnits?programs= for DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The vulnerability requires the attacker to be logged in as a DHIS2 user and could allow reading, editing, or deleting data in the instance’s database....

8.8CVSS8.9AI score0.01064EPSS
Exploits0References4Affected Software1
Prion
Prion
added 2022/05/14 12:15 a.m.15 views

Path traversal

OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...

7.5CVSS9.8AI score0.02935EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/05/13 11:40 p.m.33 views

CVE-2022-24830 Path Traversal in OpenClinica

OpenClinica is an open source software for Electronic Data Capture EDC and Clinical Data Management CDM. OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known...

6.5CVSS10AI score0.02935EPSS
Exploits1References2
NVD
NVD
added 2022/04/06 2:15 a.m.24 views

CVE-2021-45104

An issue was discovered in HTCondor 9.0.x before 9.0.10 and 9.1.x before 9.5.1. An attacker who can capture HTCondor network data can interfere with users' jobs and data...

7.4CVSS0.00569EPSS
Exploits0References2
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/03 5:16 p.m.50 views

Security Bulletin: IBM InfoSphere Change Data Capture is affected by a Jackson 2.3.3 and 2.4.4 open source library vulnerabilities

Summary IBM Data Replication has addressed the following vulnerabilities: CVE-2017-17485 CVE-2018-5968 CVE-2017-15095 CVE-2017-7525 CVE-2018-7489 Vulnerability Details CVEID: CVE-2017-17485 DESCRIPTION: Jackson-databind could allow a remote attacker to execute arbitrary code on the system, caused...

9.8CVSS9.7AI score0.49727EPSS
Exploits7Affected Software1
CVE
CVE
added 2021/11/01 9:20 p.m.48 views

CVE-2021-41187

CVE-2021-41187 concerns DHIS 2. A SQL injection vulnerability exists in specific DHIS2 versions (2.32, 2.33, 2.34, 2.35, 2.36) affecting the REST endpoints for /api/trackedEntityInstances and /api/events . Exploitation requires the attacker to be an authenticated DHIS2 user, and successful exploi...

8.8CVSS8.8AI score0.00827EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2021/10/29 2:15 p.m.14 views

Sql injection

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL Injection vulnerability in the Tracker component in DHIS2 Server allows authenticated remote attackers to execute arbitrary SQL commands via unspecified vectors. This vulnerability affects...

6.5CVSS8.9AI score0.01859EPSS
Exploits1References3Affected Software1
GithubExploit
GithubExploit
added 2021/09/22 3:20 p.m.100 views

Exploit for CVE-2021-38647

cve-2021-38647 https://github.com/corelight/CVE-2021-38647 wit...

9.8CVSS7.9AI score0.99723EPSS
Exploits19
Hacker One
Hacker One
added 2021/09/20 3:4 p.m.62 views

U.S. Dept Of Defense: Expired SSL Certificate allows credentials steal

Hi security Team! I've found this website with no valid SSL Certificate. https://██████████ Certificate has expired 314 days ago. Impact Error message can appear on page and user can have his credentials stolen by an attacker capturing the network data. System Hosts ███████ Affected Products and...

1.1AI score
Exploits0
NVD
NVD
added 2021/09/07 7:15 p.m.20 views

CVE-2021-39196

pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...

7.7CVSS0.01252EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/09/07 6:55 p.m.26 views

CVE-2021-39196 Authenticated non-privileged user can request unfiltered data without adequate permissions in pcapture

pcapture is an open source dumpcap web service interface . In affected versions this vulnerability allows an authenticated but unprivileged user to use the REST API to capture and download packets with no capture filter and without adequate permissions. This is important because the capture filte...

7.7CVSS7.4AI score0.01252EPSS
Exploits0References3
NVD
NVD
added 2021/07/16 5:15 p.m.18 views

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

9.8CVSS0.02002EPSS
Exploits0References3
Rows per page
Query Builder