Lucene search
K

60 matches found

ATTACKERKB
ATTACKERKB
added 2023/08/31 2:15 p.m.5 views

CVE-2023-41637

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...

9.8CVSS6.2AI score0.01066EPSS
Exploits1References3
OSV
OSV
added 2023/08/31 2:15 p.m.7 views

CVE-2023-41640

An improper error handling vulnerability in the component ErroreNonGestito.aspx of GruppoSCAI RealGimm 1.1.37p38 allows attackers to obtain sensitive technical information via a crafted SQL query...

8.8CVSS5.8AI score0.00859EPSS
Exploits1References2
OSV
OSV
added 2023/08/31 2:15 p.m.4 views

CVE-2023-41637

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...

9.8CVSS6.2AI score0.01066EPSS
Exploits1References2
NVD
NVD
added 2023/08/31 2:15 p.m.18 views

CVE-2023-41635

A XML External Entity XXE vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file...

6.5CVSS6.3AI score0.00658EPSS
Exploits1References2
NVD
NVD
added 2023/08/31 2:15 p.m.24 views

CVE-2023-41638

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file...

8.8CVSS8.8AI score0.00972EPSS
Exploits1References2
NVD
NVD
added 2023/08/31 2:15 p.m.26 views

CVE-2023-41636

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...

9.8CVSS9.8AI score0.00861EPSS
Exploits0References2
NVD
NVD
added 2023/08/31 2:15 p.m.29 views

CVE-2023-41637

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...

9.8CVSS9.5AI score0.01066EPSS
Exploits1References2
OSV
OSV
added 2023/08/31 2:15 p.m.5 views

CVE-2023-41636

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...

9.8CVSS6AI score0.00861EPSS
Exploits0References2
Prion
Prion
added 2023/08/31 2:15 p.m.24 views

Cross site scripting

Multiple reflected cross-site scripting XSS vulnerabilities in the ErroreNonGestito.aspx component of GruppoSCAI RealGimm 1.1.37p38 allow attackers to execute arbitrary Javascript in the context of a victim user's browser via a crafted payload injected into the VIEWSTATE parameter...

5.8CVSS6AI score0.01071EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/08/31 2:15 p.m.14 views

Xxe

A XML External Entity XXE vulnerability in the VerifichePeriodiche.aspx component of GruppoSCAI RealGimm v1.1.37p38 allows attackers to read any file in the filesystem via supplying a crafted XML file...

4CVSS6.3AI score0.00658EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/08/31 2:15 p.m.25 views

Sql injection

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...

7.5CVSS9.7AI score0.00861EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/08/31 2:15 p.m.21 views

Privilege escalation

An arbitrary file upload vulnerability in the Carica immagine function of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted HTML file...

7.5CVSS9.5AI score0.01066EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2023/08/31 2:15 p.m.20 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the Gestione Documentale module of GruppoSCAI RealGimm 1.1.37p38 allows attackers to execute arbitrary code via uploading a crafted file...

6.5CVSS8.8AI score0.00972EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.7 views

PT-2023-28018 · Grupposcai · Realgimm

Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: An improper error handling issue in the ErroreNonGestito.aspx component allows attackers to obtain sensitive technical information via a crafted SQL query. Recommendations: For GruppoSCAI...

8.8CVSS8.4AI score0.00859EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.5 views

PT-2023-28015 · Grupposcai · Realgimm

Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: A SQL injection issue in the Data Richiesta dal parameter allows attackers to access the database and execute arbitrary commands via a crafted SQL query. Recommendations: For GruppoSCAI...

9.8CVSS9.7AI score0.00861EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.5 views

PT-2023-28017 · Grupposcai · Grupposcai Realgimm

Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: The issue is related to an arbitrary file upload vulnerability in the Gestione Documentale module, which allows attackers to execute arbitrary code by uploading a crafted file. Recommendation...

8.8CVSS8.7AI score0.00972EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2023/08/31 12:0 a.m.13 views

CVE-2023-41636

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...

8.4AI score0.00861EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.4 views

PT-2023-28019 · Grupposcai · Grupposcai Realgimm

Name of the Vulnerable Software and Affected Versions: GruppoSCAI RealGimm version 1.1.37p38 Description: Multiple reflected cross-site scripting XSS vulnerabilities in the ErroreNonGestito.aspx component allow attackers to execute arbitrary Javascript in the context of a victim user's browser vi...

6.1CVSS6.2AI score0.01071EPSS
Exploits1References5
CVE
CVE
added 2023/08/31 12:0 a.m.110 views

CVE-2023-41635

CVE-2023-41635 is an XXE vulnerability in GruppoSCAI RealGimm v1.1.37p38, affecting the VerifichePeriodiche.aspx component. The flaw allows reading arbitrary filesystem files via a crafted XML payload. Affected software/versions are RealGimm v1.1.37p38; impact is confidentiality breach (C for hig...

6.5CVSS6.2AI score0.00658EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2023/08/31 12:0 a.m.26 views

CVE-2023-41636

A SQL injection vulnerability in the Data Richiesta dal parameter of GruppoSCAI RealGimm v1.1.37p38 allows attackers to access the database and execute arbitrary commands via a crafted SQL query...

10AI score0.00861EPSS
Exploits0References2
Rows per page
Query Builder