Lucene search
+L

198 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.7 views

CVE-2017-20059

A vulnerability, which was classified as problematic, has been found in Elefant CMS 1.3.12-RC. Affected by this issue is some unknown functionality of the component Title Handler. The manipulation with the input leads to basic cross site scripting Persistent. The attack may be launched remotely...

5.4CVSS6.1AI score0.00485EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:47 a.m.11 views

CVE-2017-20058

A vulnerability classified as problematic was found in Elefant CMS 1.3.12-RC. Affected by this vulnerability is an unknown functionality of the component Version Comparison. The manipulation leads to basic cross site scripting Persistent. The attack can be launched remotely. Upgrading to version...

6.1CVSS6.1AI score0.00726EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:17 a.m.10 views

CVE-2018-15601

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism...

9.8CVSS6.9AI score0.0163EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:7 a.m.6 views

CVE-2017-20057

A vulnerability classified as problematic has been found in Elefant CMS 1.3.12-RC. Affected is an unknown function. The manipulation of the argument username leads to basic cross site scripting Persistent. It is possible to launch the attack remotely. Upgrading to version 1.3.13 is able to addres...

6.1CVSS6.2AI score0.00553EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:56 a.m.12 views

CVE-2017-20064

A vulnerability was found in Elefant CMS 1.3.12-RC. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /designer/add/layout. The manipulation leads to code injection. The attack can be launched remotely. Upgrading to version 1.3.13 is able to...

8.8CVSS7.5AI score0.01044EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:55 a.m.9 views

CVE-2017-20061

A vulnerability has been found in Elefant CMS 1.3.12-RC and classified as problematic. This vulnerability affects unknown code of the file /admin/extended. The manipulation of the argument name with the input %3Cimg%20src=no%20onerror=alert1%3E leads to basic cross site scripting Reflected. The...

5.4CVSS6.2AI score0.00434EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:55 a.m.7 views

CVE-2017-20062

A vulnerability was found in Elefant CMS 1.3.12-RC and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Upgrading to...

8.8CVSS6.7AI score0.00365EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:32 a.m.9 views

CVE-2017-20060

A vulnerability, which was classified as problematic, was found in Elefant CMS 1.3.12-RC. This affects an unknown part of the component Blog Post Handler. The manipulation leads to basic cross site scripting Persistent. It is possible to initiate the attack remotely. Upgrading to version 1.3.13 i...

5.4CVSS6.1AI score0.00485EPSS
Exploits0References1
NVD
NVD
added 2024/11/08 1:15 p.m.18 views

CVE-2024-50592

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...

7CVSS0.00176EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/08 12:15 p.m.15 views

CVE-2024-50592 Local Privilege Escalation via Race Condition

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...

7.1AI score0.00176EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/08 12:15 p.m.24 views

CVE-2024-50592 Local Privilege Escalation via Race Condition

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a race condition in the Elefant Update Service during the repair or update process. When using the repair function, the service queries the server for a lis...

0.00176EPSS
Exploits0References2
CVE
CVE
added 2024/11/08 12:15 p.m.51 views

CVE-2024-50592

CVE-2024-50592 describes a local privilege escalation in HASOMED Elefant software, via a race condition in the Elefant Update Service during repair/update. An attacker with local access can exploit the window between copying vulnerable executables to a user-writable folder (C:\Elefant1) and the f...

7CVSS7AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2024/11/08 12:15 p.m.13 views

CVE-2024-50593

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...

7.8CVSS0.00189EPSS
Exploits0References3
NVD
NVD
added 2024/11/08 12:15 p.m.11 views

CVE-2024-50591

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...

7.8CVSS0.02005EPSS
Exploits0References3
NVD
NVD
added 2024/11/08 12:15 p.m.23 views

CVE-2024-50590

Attackers with local access to the medical office computer can escalate their Windows user privileges to "NT AUTHORITY\SYSTEM" by overwriting one of two Elefant service binaries with weak permissions. The default installation directory of Elefant is "C:\Elefant1" which is writable for all users. ...

7.8CVSS0.00189EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/11/08 12:6 p.m.11 views

CVE-2024-50593 Hardcoded Service Password

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...

6.9AI score0.00189EPSS
Exploits0References2
CVE
CVE
added 2024/11/08 12:6 p.m.47 views

CVE-2024-50593

CVE-2024-50593 affects the Elefant Service tool; a local attacker can access restricted functions via a hard-coded "Hotline" password embedded in the Elefant service binary, which is shipped with the software. Affected component is the Elefant Service binary used by HASOMED Elefant. The root caus...

7.8CVSS7.5AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/11/08 12:6 p.m.18 views

CVE-2024-50593 Hardcoded Service Password

An attacker with local access to the medical office computer can access restricted functions of the Elefant Service tool by using a hard-coded "Hotline" password in the Elefant service binary, which is shipped with the software...

0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/08 12:1 p.m.8 views

CVE-2024-50591 Local Privilege Escalation via Command Injection

An attacker with local access the to medical office computer can escalate his Windows user privileges to "NT AUTHORITY\SYSTEM" by exploiting a command injection vulnerability in the Elefant Update Service. The command injection can be exploited by communicating with the Elefant Update Service whi...

7.3AI score0.02005EPSS
Exploits0References2
CVE
CVE
added 2024/11/08 12:1 p.m.50 views

CVE-2024-50591

CVE-2024-50591 affects the Elefant Software Updater (ESU) on Windows. The vulnerability is a local privilege escalation via a command-injection flaw in the ESU service (running as NT AUTHORITY\SYSTEM) that can be triggered by sending a crafted MessageType.SupportServiceInfos message to the local ...

7.8CVSS7.7AI score0.02005EPSS
Exploits0References3
Rows per page
Query Builder