Lucene search
K

84 matches found

CNVD
CNVD
added 2022/03/14 12:0 a.m.33 views

FreeTakServer Trust Management Issue Vulnerability

FreeTAKServer is an open source lightweight server from the FreeTAKTeam team. It is used to connect to TAK clients. FreeTakServer suffers from a trust management issue vulnerability that stems from the fact that the Flask Secrets Key has three relevant locations that are hard-coded, which can be...

8.8CVSS2.3AI score0.01035EPSS
Exploits1References1
OSV
OSV
added 2022/03/12 12:0 a.m.33 views

GHSA-HGGV-MCP4-VXC5 Improper Authentication in FreeTAKServer

FreeTAKServer is an open source, lightweight Server for connect TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create...

8.7CVSS7.4AI score0.01019EPSS
Exploits1References4
OSV
OSV
added 2022/03/12 12:0 a.m.25 views

GHSA-9988-F88M-MR42 Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS7.4AI score0.01073EPSS
Exploits1References3
OSV
OSV
added 2022/03/12 12:0 a.m.16 views

GHSA-GJH6-WVHQ-H4QX Cross-site Scripting in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS5.2AI score0.00479EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.50 views

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS2.3AI score0.01073EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.52 views

Improper Authentication in FreeTAKServer

FreeTAKServer is an open source, lightweight Server for connect TAK clients. An access control issue in the component /ManageRoute/postRoute of FreeTAKServer version 1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create...

7.5CVSS4.6AI score0.01019EPSS
Exploits1References4Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.27 views

SQL Injection in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.5CVSS3.4AI score0.00855EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.40 views

Path traversal in FreeTAKServer-UI

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS5.2AI score0.00719EPSS
Exploits1References3Affected Software1
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.44 views

Cross-site Scripting in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS2.3AI score0.00479EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2022/03/12 12:0 a.m.19 views

GHSA-JR2M-29WJ-W9QC SQL Injection in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.5CVSS6.6AI score0.00855EPSS
Exploits1References3
OSV
OSV
added 2022/03/12 12:0 a.m.26 views

GHSA-7CR9-RMQR-FPQP Path traversal in FreeTAKServer-UI

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS6.4AI score0.00719EPSS
Exploits1References3
OSV
OSV
added 2022/03/12 12:0 a.m.47 views

GHSA-F897-875P-23X7 Hard coded credentials in FreeTAKServer

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS8.9AI score0.01035EPSS
Exploits1References4
Github Security Blog
Github Security Blog
added 2022/03/12 12:0 a.m.70 views

Hard coded credentials in FreeTAKServer

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS5.5AI score0.01035EPSS
Exploits1References4Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/12 12:0 a.m.57 views

Hard coded credentials in FreeTAKServer

FreeTAKServer 1.9.8 contains a hardcoded Flask secret key which allows attackers to create crafted cookies to bypass authentication or escalate privileges...

8.8CVSS5.5AI score0.01035EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/12 12:0 a.m.44 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.5CVSS4.1AI score0.00855EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/12 12:0 a.m.38 views

Improper Authentication in FreeTAKServer

An access control issue in the component /ManageRoute/postRoute of FreeTAKServer v1.9.8 allows unauthenticated attackers to cause a Denial of Service DoS via an unusually large amount of created routes, or create unsafe or false routes for legitimate users...

7.5CVSS5.5AI score0.01019EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/12 12:0 a.m.41 views

Path traversal in FreeTAKServer-UI

An issue in the ?filename= argument of the route /DataPackageTable in FreeTAKServer-UI v1.9.8 allows attackers to place arbitrary files anywhere on the system...

6.5CVSS5.2AI score0.00719EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/12 12:0 a.m.48 views

Exposure of Sensitive Information to an Unauthorized Actor in FreeTAKServer-UI

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys...

7.5CVSS2.3AI score0.01073EPSS
Exploits1References3Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2022/03/12 12:0 a.m.38 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

FreeTAKServer-UI v1.9.8 was discovered to contain a stored cross-site scripting XSS vulnerability via the Callsign parameter...

5.4CVSS2.4AI score0.00479EPSS
Exploits1References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/03/11 12:15 a.m.1 views

CVE-2022-25506

FreeTAKServer-UI v1.9.8 was discovered to contain a SQL injection vulnerability via the API endpoint /AuthenticateUser...

6.5CVSS5.7AI score0.00855EPSS
Exploits1References2
Rows per page
Query Builder