47 matches found
CVE-2022-22835
OverIT Geocall prior to version 8.0 is affected by an XXE vulnerability in the XSLT/Test Trasformazione XSL feature. An authenticated user enabling this functionality can trigger an XXE issue and read arbitrary files from the file system. Affected component: Geocall’s XSLT processing; root cause:...
PT-2022-15702 · Overit · Overit Geocall
Name of the Vulnerable Software and Affected Versions: OverIT Geocall versions prior to 8.0 Description: An issue was discovered that allows an authenticated user with the Test Trasformazione XSL functionality enabled to exploit a XSLT Injection vulnerability. This could allow attackers to achiev...
PT-2022-15703 · Overit · Overit Geocall
Name of the Vulnerable Software and Affected Versions: OverIT Geocall versions prior to 8.0 Description: An issue was discovered that allows an authenticated user with the Test Trasformazione XSL functionality enabled to exploit a vulnerability. This can lead to reading arbitrary files from the...
OverIT Geocall Access Control Error Vulnerability
OverIT Geocall is a field service management solution from OverIT Italy. An Access Control Error vulnerability exists in version 6.3 prior to OverIT Geocall build 2:346977, which arises from a network system or product that does not properly restrict access to resources from unauthorized roles. A...
OverIT Geocall Log Management Directory Traversal Vulnerability
OverIT Geocall is a field service management solution from OverIT Italy. A path traversal vulnerability exists in version 6.3 prior to OverIT Geocall build 2:346977, which arises from a failure of a networked system or product to properly filter for specific elements in the path of a resource or...
OverIT Geocall Cross-Site Scripting Vulnerability
OverIT Geocall is a field service management solution from OverIT Italy. A cross-site scripting vulnerability exists in version 6.3 prior to OverIT Geocall build 2:346977, which stems from the lack of proper validation of client-side data by the WEB application. An attacker can exploit the...
CVE-2019-5891
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application...
CVE-2019-5889
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977...
CVE-2019-5890
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions...
CVE-2019-5888
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977...
CVE-2019-5889
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977...
Code injection
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application...
CVE-2019-5888
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977...
Design/Logic Flaw
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977...
Directory traversal
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977...
CVE-2019-5890
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions...
CVE-2019-5891
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application...
CVE-2019-5891
The CVE-2019-5891 issue affects OverIT Geocall 6.3 prior to build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user and log into the web application, compromising session integrity and potentially exposing user data. The vulnerability arises in th...
CVE-2019-5890
Affected software: OverIT Geocall 6.3 (before build 2:346977). Vulnerability: Weak authentication and session management allow an authenticated user to access the Administrative control panel and execute administrative functions. Root cause (as described): Improper session handling enabling eleva...
CVE-2019-5890
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions...