Lucene search
+L

113 matches found

Cvelist
Cvelist
added 2024/09/19 4:30 p.m.33 views

CVE-2024-8651 Netcat CMS: user enumeration

A vulnerability in NetCat CMS allows an attacker to send a specially crafted http request that can be used to check whether a user exists in the system, which could be a basis for further attacks. This issue affects NetCat CMS v. 6.4.0.24126.2 and possibly others. Apply patch from vendor...

6.9CVSS0.00427EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.6 views

NetCat CMS 安全漏洞

NetCat CMS is a content management system from NetCat, Inc. A security vulnerability previously existed in NetCat CMS version 6.4.0.24248. An attacker could exploit the vulnerability to execute JavaScript code in a user's browser when the user visits a specific path on the site...

6.1CVSS7AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.5 views

NetCat CMS 安全漏洞

NetCat CMS is a content management system from NetCat, Inc. A security vulnerability previously existed in NetCat CMS version 6.4.0.24248. An attacker could exploit the vulnerability to execute JavaScript code in a user's browser when the user visits a specific path on the site...

6.1CVSS7AI score0.00267EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/09/19 12:0 a.m.6 views

NetCat CMS 安全漏洞

NetCat CMS is a content management system from NetCat, Inc. A security vulnerability exists in NetCat CMS prior to version 6.4.0.24248. An attacker exploiting this vulnerability could send a specially crafted http request to check for the presence of a user on the system...

6.9CVSS6.6AI score0.00427EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.19 views

PT-2024-39150 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to send a specially crafted HTTP request to check whether a user exists in the system. This issue could be a basis for further...

6.9CVSS6.6AI score0.00427EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/09/19 12:0 a.m.13 views

PT-2024-39152 · Unknown · Netcat Cms

Name of the Vulnerable Software and Affected Versions: NetCat CMS versions 6.4.0.24126.2 through 6.4.0.24247 Description: A vulnerability in NetCat CMS allows an attacker to execute JavaScript code in a user's browser when they visit specific paths on the site. This issue enables cross-site...

6.1CVSS6.4AI score0.00267EPSS
Exploits0References7
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.8 views

The vulnerability in the implementation of the get_component_fields method of the comments module in the Netcat CMS system allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the getcomponentfields method in the comments module of the Netcat CMS system is related to the lack of security measures for SQL query structures. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to protected information from...

9.1CVSS5.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.5 views

The vulnerability of the netcat/message_fields.php file in the Netcat CMS system allows a intruder to gain unauthorized access to protected information.

The vulnerability of the netcat/messagefields.php file in the Netcat CMS system is related to the lack of measures taken to protect the SQL query structure. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain unauthorized access to protected information from the...

9.1CVSS5.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.7 views

The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code

The vulnerability of the filemanager module in the CMS system Netcat is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...

9CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.6 views

The vulnerability in the implementation of the deleteComment method in the comments module of the CMS system Netcat allows a malicious individual to gain unauthorized access to protected information.

The vulnerability of the deleteComment method in the comments module of the CMS system Netcat is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected information...

9.1CVSS5.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.5 views

The vulnerability in the implementation of the subscribes_delete_confirm method of the comments module in the Netcat CMS system allows a hacker to gain unauthorized access to protected information.

The vulnerability of the subscribesdeleteconfirm method in the comments module of the CMS system Netcat is related to the lack of security measures for the SQL query structure. Exploiting this vulnerability allows an attacker, operating remotely, to gain unauthorized access to the protected...

9.1CVSS5.6AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.5 views

The vulnerability of the alter_form.php function in the Netcat CMS system allows a hacker to execute arbitrary JavaScript code.

The vulnerability of the alterform.php function in the Netcat CMS system is related to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to execute any JavaScript code in the user’s browser remotely...

9CVSS5.5AI score
Exploits0References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2024/08/21 12:0 a.m.8 views

The vulnerability of the filemanager module in the CMS system Netcat, which allows a hacker to execute arbitrary JavaScript code

The vulnerability of the filemanager module in the CMS system Netcat exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to execute arbitrary JavaScript code in the user’s browser remotely...

9CVSS5.8AI score
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.8 views

PT-2024-79: Reflected Cross-Site Scripting (XSS) in Netcat CMS (logging module)

The vulnerability was identified in Netcat logging module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

9.3CVSS7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.9 views

PT-2024-75: Time-based SQL Injection in Netcat CMS (module messaging)

The vulnerability was identified in Netcat CMS module messaging, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or...

9.4CVSS6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.10 views

PT-2024-81: Reflected Cross-Site Scripting (XSS) in Netcat CMS (landing module)

The vulnerability was identified in Netcat landing module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

9.3CVSS7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.13 views

PT-2024-91: Time-based SQL Injection in Netcat CMS

The vulnerability was identified in Netcat, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or higher Additional...

9.4CVSS6.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.8 views

PT-2024-88: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module calendar)

The vulnerability was identified in Netcat CMS module calendar, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...

8.8CVSS7.7AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.13 views

PT-2024-84: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)

The vulnerability was identified in Netcat netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

9.3CVSS7.8AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/08/20 12:0 a.m.10 views

PT-2024-92: Reflected Cross-Site Scripting (XSS) in Netcat CMS (filemanager module)

The vulnerability was identified in Netcat filemanager module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor Date of...

9.3CVSS7.8AI score
Exploits0
Rows per page
Query Builder