47 matches found
EUVD-2020-21251
Malware in sbrugna...
EUVD-2020-21250
Malware in sbrugna...
EUVD-2020-21253
Malware in sbrugna...
EUVD-2020-21249
Malware in sbrugna...
EUVD-2020-21248
Malware in sbrugna...
CVE-2020-28857
OpenAsset Digital Asset Management DAM through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks...
CVE-2020-28858
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions...
OpenAsset Digital Asset Management XSS Injection Vulnerability
Openasset is a digital asset management software for the website building industry from Openasset UK. The OpenAsset Digital Asset Management software product suffers from an XSS injection vulnerability that could allow a remote attacker to inject arbitrary JavaScript or HTML for later rendering b...
OpenAsset Digital Asset Management SQL Injection Vulnerability
Openasset is a digital asset management software for the website building industry from Openasset UK. OpenAsset Digital Asset Management suffers from a SQL injection vulnerability that originates from a blind remote SQL injection via authentication, which can be exploited by an attacker to gain...
CVE-2020-28860
OpenAssetDigital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection...
CVE-2020-28860
OpenAssetDigital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection...
CVE-2020-28861
OpenAsset Digital Asset Management DAM 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application...
CVE-2020-28861
OpenAsset Digital Asset Management DAM 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application...
Sql injection
OpenAssetDigital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection...
Improper access control
OpenAsset Digital Asset Management DAM 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application...
CVE-2020-28861
OpenAsset Digital Asset Management DAM 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application...
CVE-2020-28861
CVE-2020-28861 affects OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier. The vulnerability is an access control flaw on the /Stream/ProjectsCSV endpoint that allows unauthenticated attackers to retrieve potentially sensitive project data. Connected sources indicate vulnerable versions...
CVE-2020-28860
OpenAsset Digital Asset Management (DAM) up to 12.0.19 is affected by an authenticated blind SQL injection caused by improper sanitization of user input in SQL queries. The vulnerability is triggered via the /AJAXPage/SearchResults endpoint, using the currentSearchItems parameter, allowing an att...
CVE-2020-28858
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions...
CVE-2020-28857
OpenAsset Digital Asset Management DAM through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks...