Lucene search
+L

137 matches found

Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.11 views

PT-2024-20889 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: A SQL injection issue allows a local attacker to obtain sensitive information via a crafted payload to the txtemail parameter in the "login.php" endpoint. This enables the attacker to...

7.1CVSS7.5AI score0.00282EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/03/06 12:0 a.m.7 views

PT-2024-2263 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetPPTPServer function of the file /goform/SetPptpServerCfg. The manipulation of the startIP argument leads to a stack-based buffer overflow. This issue can be...

9CVSS8.9AI score0.01534EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.6 views

PT-2024-21393 · Unknown · Klik Socialmediawebsite

Name of the Vulnerable Software and Affected Versions: KLiK SocialMediaWebsite version 1.0.1 Description: A reflected cross-site scripting XSS vulnerability may allow remote attackers to execute arbitrary JavaScript in the web browser of a user. This can be achieved by including a malicious paylo...

6.1CVSS6.3AI score0.00549EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.6 views

PT-2024-20228 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue is related to SQL Injection. The com.jsh.erp.controller.MaterialController, specifically the getListWithStock function, does not properly filter the column and order parameters, allowing an attacker t...

9.8CVSS7.5AI score0.00769EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.9 views

PT-2024-20409 · Unknown · Flusity-Cms

Name of the Vulnerable Software and Affected Versions: flusity-CMS version 2.33 Description: A Cross Site Request Forgery issue allows a remote attacker to execute arbitrary code via the "add customblock.php" endpoint. Recommendations: For flusity-CMS version 2.33, consider disabling access to th...

8.8CVSS8.9AI score0.00475EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.5 views

PT-2024-20146 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, resulting from insufficient encoding of user-controlled inputs. This can be exploited via the /cupseasylive/currencycreate.php endpoin...

8.2CVSS6.1AI score0.00437EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.4 views

PT-2024-20132 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A vulnerability has been reported in Cups Easy Purchase & Inventory whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via...

8.2CVSS6.1AI score0.00437EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.7 views

PT-2024-20130 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, where user-controlled inputs are not sufficiently encoded. This issue can be exploited via the /cupseasylive/grndisplay.php endpoint,...

8.2CVSS6.2AI score0.00399EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.6 views

PT-2024-20154 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, resulting from insufficient encoding of user-controlled inputs. This can be exploited via the /cupseasylive/countrymodify.php endpoint...

8.2CVSS6.2AI score0.00436EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.7 views

PT-2024-20153 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, where user-controlled inputs are not sufficiently encoded. This can be exploited via the "/cupseasylive/grnmodify.php" API endpoint,...

8.2CVSS6.2AI score0.00398EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.9 views

PT-2024-20148 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS issue has been reported, where user-controlled inputs are not sufficiently encoded. This can be exploited via the /cupseasylive/statemodify.php endpoint,...

8.2CVSS6.2AI score0.00399EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/26 12:0 a.m.8 views

PT-2024-20165 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A Cross-Site Scripting XSS vulnerability has been reported, resulting from insufficient encoding of user-controlled inputs. This issue can be exploited via the /cupseasylive/stock.php...

8.2CVSS6.2AI score0.00489EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/01/12 12:0 a.m.6 views

PT-2024-19451 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalcms version 5.0.0 Description: A stored XSS issue exists, allowing remote attackers to inject arbitrary web script or HTML via the "/gusetbook/save" API endpoint, specifically through the mobile parameter. This enables attackers to...

5.4CVSS5.3AI score0.00466EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/02 12:0 a.m.5 views

PT-2024-15379 · Ai Magic · Ai Magic

Name of the Vulnerable Software and Affected Versions: Magic-Api versions up to 2.0.1 Description: A critical vulnerability has been found in Magic-Api, affecting an unknown functionality of the file "/resource/file/api/save?auto=1". The manipulation leads to code injection, and the attack can be...

8.8CVSS6.7AI score0.00824EPSS
Exploits1References9
Positive Technologies
Positive Technologies
added 2023/12/31 12:0 a.m.4 views

PT-2023-8246 · Totolink · Totolink N350Rt

Name of the Vulnerable Software and Affected Versions: Totolink N350RT version 9.3.5u.6139 B20201216 Description: A critical issue affects the processing of the file /cgi-bin/cstecgi.cgi?action=login&flag=ie8 of the component HTTP POST Request Handler, leading to a stack-based buffer overflow. Th...

8.8CVSS5.8AI score0.00709EPSS
Exploits1References12
Positive Technologies
Positive Technologies
added 2023/12/17 12:0 a.m.4 views

PT-2023-32812 · Netentsec · Netentsec Ns-Asg Application Security Gateway

Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3.1 Description: A critical issue has been found in the Netentsec NS-ASG Application Security Gateway. This issue affects the file /admin/singlelogin.php?submit=1 and is related to the...

9.8CVSS7.7AI score0.00711EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/12/13 12:0 a.m.6 views

PT-2023-32765 · Thecosy · Thecosy Icecms

Name of the Vulnerable Software and Affected Versions: Thecosy IceCMS version 2.0.1 Description: A critical vulnerability was found in Thecosy IceCMS, affecting an unknown function of the file /article/DelectArticleById/ of the component Article Handler. This issue leads to permission problems an...

5.5CVSS5.8AI score0.00695EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/12/12 12:0 a.m.4 views

PT-2023-8221 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost versions prior to the fixed version Description: The issue is related to a lack of validation for relative paths in the /plugins/playbooks/api/v0/telemetry/run/ endpoint, allowing an attacker to use a path traversal payload to poin...

10CVSS8.5AI score0.00309EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/12/05 12:0 a.m.4 views

PT-2023-31191 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: A Cross-Site Request Forgery CSRF issue was discovered in JFinalCMS. The vulnerability can be exploited via the /admin/tag/update API endpoint. Recommendations: For JFinalCMS version 5.0.0, consider...

8.8CVSS8.6AI score0.00391EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/11/30 12:0 a.m.5 views

PT-2023-32485 · Unknown · Elijaa/Phpmemcachedadmin

Name of the Vulnerable Software and Affected Versions: elijaa/phpmemcachedadmin version 1.3.0 Description: A critical flaw has been identified, specifically related to a stored XSS vulnerability, allowing malicious actors to insert a carefully crafted JavaScript payload. The issue arises from...

6.1CVSS5.2AI score0.00406EPSS
Exploits0References8
Rows per page
Query Builder