Lucene search
K

60 matches found

NVD
NVD
added 2024/02/29 1:44 a.m.14 views

CVE-2024-25831

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...

6.1CVSS5.8AI score0.00551EPSS
Exploits1References1
OSV
OSV
added 2024/02/29 1:44 a.m.1 views

CVE-2024-25831

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...

5.4CVSS7.5AI score0.00551EPSS
Exploits1References1
NVD
NVD
added 2024/02/29 1:44 a.m.21 views

CVE-2024-25830

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...

9.8CVSS6.6AI score0.2403EPSS
Exploits5References1
NVD
NVD
added 2024/02/29 1:44 a.m.12 views

CVE-2024-25833

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...

9.8CVSS7.8AI score0.02831EPSS
Exploits1References1
Prion
Prion
added 2024/02/29 1:44 a.m.20 views

Cross site scripting

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...

6.3AI score0.00551EPSS
Exploits1References1
Prion
Prion
added 2024/02/29 1:44 a.m.23 views

Path traversal

F-logic DataCube3 v1.0 is vulnerable to Incorrect Access Control due to an improper directory access restriction. An unauthenticated, remote attacker can exploit this, by sending a URI that contains the path of the configuration file. A successful exploit could allow the attacker to extract the...

7.5AI score0.2403EPSS
Exploits5References1
Prion
Prion
added 2024/02/29 1:44 a.m.17 views

Sql injection

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...

8.7AI score0.02831EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.5 views

Field Logic DataCube3 Security Vulnerability

Field Logic DataCube4 is a small measurement terminal system from Field Logic. A security vulnerability exists in Field Logic DataCube3 version 1.0 that stems from incorrect directory access restrictions and is susceptible to incorrect access control...

9.8CVSS6.8AI score0.2403EPSS
Exploits5References3
CNNVD
CNNVD
added 2024/02/29 12:0 a.m.5 views

Field Logic DataCube3 Permission License and Access Control Issues Vulnerability

Field Logic DataCube4 is a small measurement terminal system from Field Logic. A security vulnerability exists in Field Logic DataCube3 version 1.0 that stems from vulnerability to unrestricted file uploads, which could allow an authenticated malicious actor to upload dangerous types of files by...

8.8CVSS6.7AI score0.12825EPSS
Exploits5References5
CVE
CVE
added 2024/02/28 12:0 a.m.7136 views

CVE-2024-25832

Summary (CVE-2024-25832) : F-logic DataCube3 v1.0 is reported vulnerable to unrestricted file upload by manipulating the filename extension. The issue is classified with high impact (CVSSv3.1: 8.8, HIGH) and requires authentication with low privileges; exploitation could lead to code execution, d...

8.8CVSS6.5AI score0.12825EPSS
Exploits5References1Affected Software1
Cvelist
Cvelist
added 2024/02/28 12:0 a.m.24 views

CVE-2024-25832

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension...

6.6AI score0.12825EPSS
Exploits5References1
Cvelist
Cvelist
added 2024/02/28 12:0 a.m.16 views

CVE-2024-25831

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...

6AI score0.00551EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/02/28 12:0 a.m.9 views

CVE-2024-25833

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...

8.2AI score0.02831EPSS
Exploits1References1
CVE
CVE
added 2024/02/28 12:0 a.m.95 views

CVE-2024-25830

DataCube3 v1.0 suffers from an Incorrect Access Control due to an improper directory access restriction. An unauthenticated remote attacker can exploit this by sending a URI that includes the path of the configuration file, potentially extracting the root and admin passwords . Multiple connected ...

9.8CVSS6.8AI score0.2403EPSS
Exploits5References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/28 12:0 a.m.16 views

CVE-2024-25832

F-logic DataCube3 v1.0 is vulnerable to unrestricted file upload, which could allow an authenticated malicious actor to upload a file of dangerous type by manipulating the filename extension...

6.6AI score0.12825EPSS
Exploits5References1
Vulnrichment
Vulnrichment
added 2024/02/28 12:0 a.m.13 views

CVE-2024-25831

F-logic DataCube3 Version 1.0 is affected by a reflected cross-site scripting XSS vulnerability due to improper input sanitization. An authenticated, remote attacker can execute arbitrary JavaScript code in the web management interface...

6AI score0.00551EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.4 views

PT-2024-2172 · Unknown · F-Logic Datacube3

Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: The issue is related to insufficient access control in the F-logic DataCube3 terminal measurement system software for power generation systems. This can be exploited by an unauthenticated, remote...

9.8CVSS9.1AI score0.2403EPSS
Exploits5References10
CVE
CVE
added 2024/02/28 12:0 a.m.83 views

CVE-2024-25831

Summary: CVE-2024-25831 concerns F-Logic DataCube3 v1.0 with a reflected XSS vulnerability caused by improper input sanitization. The issue allows an authenticated, remote attacker to execute arbitrary JavaScript in the web management interface. The Red Hat, JVN/JPCERT-related entries and multipl...

6.1CVSS5.9AI score0.00551EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2024/02/28 12:0 a.m.90 views

CVE-2024-25833

CVE-2024-25833 affects Field Logic DataCube3 v1.0. The available data describe an unauthenticated SQL injection vulnerability allowing an attacker to execute arbitrary SQL queries in the database. The vulnerability is rated critical (CVSS v3.1: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Connected docu...

9.8CVSS8.1AI score0.02831EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2024/02/28 12:0 a.m.21 views

CVE-2024-25833

F-logic DataCube3 v1.0 is vulnerable to unauthenticated SQL injection, which could allow an unauthenticated malicious actor to execute arbitrary SQL queries in database...

8.1AI score0.02831EPSS
Exploits1References1
Rows per page
Query Builder