15 matches found
EUVD-2020-21250
Malware in sbrugna...
EUVD-2020-21253
Malware in sbrugna...
EUVD-2020-21249
Malware in sbrugna...
CVE-2020-28857
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks...
CVE-2020-28860
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection...
CVE-2020-28861
OpenAsset Digital Asset Management DAM 12.0.19 and earlier failed to implement access controls on /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application...
CVE-2020-28857
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks...
CVE-2020-28857
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks...
CVE-2020-28859
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks...
CVE-2020-28858
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly verify whether a request made to the application was intentionally made by the user, allowing for cross-site request forgery attacks on all user functions...
CVE-2020-28856
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access...
CVE-2020-28856
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access...
OpenAsset Digital Asset Management Cross Site Scripting
Title: Stored cross-site scripting XSS Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.23 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28857 Author: Jack Misiura from The...
OpenAsset Digital Asset Management IP Access Control Bypass
Title: IP access control bypass Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.20 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28856 Author: Jack Misiura from The Missing...
OpenAsset Digital Asset Management SQL Injection
Title: Authenticated blind SQL injection SQLi Product: OpenAsset Digital Asset Management by OpenAsset Vendor Homepage: https://www.openasset.com/ Vulnerable Version: 12.0.19 Cloud 11.2.1 On-premise Fixed Version: 12.0.23 Cloud 11.4.10 On-premise CVE Number: CVE-2020-28860 Author: Jack Misiura fr...