99 matches found
📄 GeoVision ASManager Windows Application 6.1.2.0 Remote Code Execution
GeoVision ASManager Windows Application version 6.1.2.0 suffers from a remote code execution vulnerability. Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...
GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution (RCE)
Exploit Title: GeoVision ASManager Windows Application 6.1.2.0 - Remote Code Execution RCE Date: 19-MAR-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage: https://www.geovision.com.tw/ Software Link: https://www.geovision.com.tw/download/product/ Version: 6.1.2.0 or less Tested on:...
CVE-2025-48472 FreeScout Vulnerable to Insufficient Authorization
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.179, there is no check to ensure that the user is disabling notifications for the mailbox to which they already have access. Moreover, the code explicitly implements functionality that if the user does not have...
CVE-2024-23713
In migrateNotificationFilter of NotificationManagerService.java, there is a possible failure to persist notifications settings due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2022-1605
The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and change the notification settings of arbitrary users...
PT-2025-23174 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.179 Description: The issue concerns the lack of a check to ensure users can only disable notifications for mailboxes they already have access to. The code allows users to gain access to a mailbox by disabling o...
Cross-site Scripting (XSS)
Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via the HTML content of email notification settings. An attacker can inject malicious scripts by crafting malicious inputs that are rendered in the preview mode. Note: This is only exploitable if the attacker ha...
CVE-2025-26264
GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...
CVE-2025-26264
GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...
CVE-2025-26264
GeoVision GV-ASWeb with the version 6.1.2.0 or less fixed in 6.2.0, contains a Remote Code Execution RCE vulnerability within its Notification Settings feature. An authenticated attacker with "System Settings" privileges in ASWeb can exploit this flaw to execute arbitrary commands on the server,...
CVE-2025-26264
Geovision GV-ASWeb (ASManager) versions 6.1.2.0 or earlier are affected by a Remote Code Execution (RCE) vulnerability in the Notification Settings feature. An authenticated attacker with System Settings privileges can exploit this flaw to run arbitrary commands on the server, potentially leading...
Exploit for CVE-2025-26264
CVE-2025-26264 CVE-2025-26264 - GeoVision GV-ASWeb with the ve...
CVE-2025-20893
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications...
CVE-2025-20893
Improper access control in NotificationManager prior to SMR Jan-2025 Release 1 allows local attackers to change the configuration of notifications...
CVE-2024-7877
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...
CVE-2024-7877
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...
CVE-2024-7877 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...
CVE-2024-7877
CVE-2024-7877 concerns the WordPress plugin Appointment Booking Calendar — Simply Schedule Appointments (versions prior to 1.6.7.55). The issue arises from inadequate sanitization/escaping of certain Notification settings, enabling stored Cross-Site Scripting (XSS) by authenticated users with adm...
CVE-2024-7877 Appointment Booking Calendar < 1.6.7.55 - Admin+ Stored XSS
The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin before 1.6.7.55 does not sanitise and escape some of its Notification settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is...
PT-2024-38653 · WordPress · The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin
Name of the Vulnerable Software and Affected Versions: The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin WordPress plugin versions prior to 1.6.7.55 Description: The issue is related to the lack of sanitization and escaping of some Notification settings in the plugin,...