Lucene search
K

129 matches found

CVE
CVE
added 2019/11/26 5:23 p.m.74 views

CVE-2019-16386

PEGA Platform 7.x–8.x is disclosed to have an information-disclosure vulnerability, exploitable via a direct request to /prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id to obtain database schema information. Dispute exists about privilege level (v...

4.3CVSS4.5AI score0.00783EPSS
Exploits1References1Affected Software1
Positive Technologies
Positive Technologies
added 2019/11/26 12:0 a.m.6 views

PT-2019-14651 · Pegasystems · Pega Platform

Name of the Vulnerable Software and Affected Versions: PEGA Platform versions 7.x through 8.x Description: The issue allows for information disclosure via a direct request to /prweb/sso/random token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random harness id to obtain database sche...

4.3CVSS6.2AI score0.00783EPSS
Exploits1References3
Fedora
Fedora
added 2019/10/26 5:31 p.m.31 views

[SECURITY] Fedora 31 Update: opendmarc-1.3.2-1.fc31

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...

9.8CVSS1.7AI score0.02457EPSS
Exploits0
OSV
OSV
added 2019/10/17 8:15 p.m.3 views

CVE-2019-13409

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...

9.8CVSS7.3AI score0.01211EPSS
Exploits0References2
NVD
NVD
added 2019/10/17 8:15 p.m.21 views

CVE-2019-13409

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...

9.8CVSS9.7AI score0.01211EPSS
Exploits0References2
Prion
Prion
added 2019/10/17 8:15 p.m.14 views

Sql injection

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...

5CVSS9.6AI score0.01211EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/10/17 7:24 p.m.21 views

CVE-2019-13409 A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 (2019/08/19)

A SQL injection vulnerability was discovered in TOPMeeting before version 8.8 2019/08/19. An attacker can use a union based injection query string though a search meeting room feature to get databases schema and username/password...

9.8AI score0.01211EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2019/10/16 12:0 a.m.33 views

Fedora 30 : opendmarc (2019-24b3f84f6e)

This update provides the final 1.3.2 release previously the package was 1.3.2 beta. It also includes the previously-omitted database schema directory resolving 1415753 and rddmarc tools, and backports proposed fixes for a crasher bug and security issue CVE-2019-16378 from upstream submissions. No...

9.8CVSS8.2AI score0.02457EPSS
Exploits0References5
Fedora
Fedora
added 2019/10/12 1:30 a.m.27 views

[SECURITY] Fedora 29 Update: opendmarc-1.3.2-1.fc29

OpenDMARC Domain-based Message Authentication, Reporting & Conformance provides an open source library that implements the DMARC verification service plus a milter-based filter application that can plug in to any milter-aware MTA, including sendmail, Postfix, or any other MTA that suppor ts the...

9.8CVSS1.7AI score0.02457EPSS
Exploits0
OSV
OSV
added 2019/10/11 5:15 p.m.4 views

CVE-2019-17503

An issue was discovered in Kirona Dynamic Resource Scheduling DRS 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd aka /osmtiles/REGISTER.cmd directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database...

5.3CVSS6.1AI score0.49236EPSS
Exploits5References2
OSV
OSV
added 2018/10/03 8:29 p.m.5 views

CVE-2018-17562

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...

7.5CVSS5.8AI score0.01467EPSS
Exploits1References1
NVD
NVD
added 2018/10/03 8:29 p.m.18 views

CVE-2018-17562

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...

7.5CVSS7.8AI score0.01467EPSS
Exploits1References1
Prion
Prion
added 2018/10/03 8:29 p.m.18 views

Sql injection

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...

5CVSS7.8AI score0.01467EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2018/10/03 8:0 p.m.22 views

CVE-2018-17562

Multi-Tech FaxFinder before 5.1.6 has SQL Injection via a status/calldetails?oid= URI, allowing an attacker to extract the underlying database schema to further disclose other fax server information through different injection points...

7.9AI score0.01467EPSS
Exploits1References1
OSV
OSV
added 2018/08/14 6:3 a.m.10 views

SUSE-SU-2018:2317-1 Security update for grafana, kafka, logstash, openstack-monasca-installer

This update for grafana, kafka, logstash, openstack-monasca-installer fixes the following issues: Security issues fixed: - CVE-2018-12099: grafana: Fix XSS vulnerabilities in dashboard links bsc1096985. - CVE-2018-3817: logstash: Fix inadvertently logging of sensitive information bsc1090849. Bug...

6.5CVSS6.5AI score0.02073EPSS
Exploits1References10
exploitpack
exploitpack
added 2018/05/25 12:0 a.m.55 views

Oracle WebCenter FatWire Content Server 7 - Improper Access Control

Oracle WebCenter FatWire Content Server 7 - Improper Access Control Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 =...

3.3CVSS0.2AI score0.02327EPSS
Exploits3
Packet Storm
Packet Storm
added 2018/05/25 12:0 a.m.92 views

Oracle WebCenter (Fatwire) Improper Access Control

Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...

3.3CVSS0.3AI score0.02327EPSS
Exploits3
Exploit DB
Exploit DB
added 2018/05/25 12:0 a.m.182 views

Oracle WebCenter FatWire Content Server < 7 - Improper Access Control

Exploit Title: Oracle WebCenter FatWire Content Server 7 - Improper Access Control Dork: inurl:Satellite?pagename Date: 2017-10-17 Exploit Author: Sebastian Cornejo Olave Vendor Homepage: http://oracle.com Version: 5.5.2 ,7.5 = CVE: CVE-2017-10033 Category: Webapps Tested on: Kali linux...

4CVSS4.7AI score0.02327EPSS
Exploits3
Prion
Prion
added 2017/08/02 7:29 p.m.11 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the 1 PATHINFO to the main page; the 2 beanReference parameter to the JavaBean viewer page; or the 3 pyTableName to the System database schema...

4.3CVSS6AI score0.03503EPSS
Exploits4References3Affected Software1
CVE
CVE
added 2017/08/02 7:0 p.m.68 views

CVE-2017-11355

Pegasystems PEGA Platform 7.2 ML0 and earlier are affected by multiple XSS vulnerabilities (CVE-2017-11355) allowing remote attackers to inject arbitrary scripts via PATH_INFO, the JavaBean viewer beanReference, or pyTableName on the System database schema modification page; CVE-2017-11356 also a...

6.1CVSS6AI score0.03503EPSS
Exploits4References3Affected Software1
Rows per page
Query Builder