Lucene search
K

601 matches found

Cvelist
Cvelist
added 2024/11/04 12:0 a.m.35 views

CVE-2024-34882

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send SMTP account passwords to an arbitrary server via HTTP POST request...

0.00339EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.9 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

6.9AI score0.00424EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.29 views

CVE-2024-34885

Insufficiently protected credentials in SMTP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read SMTP accounts passwords via HTTP GET request...

0.00424EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.22 views

CVE-2024-34883

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allow remote administrators to read proxy-server accounts passwords via HTTP GET request...

0.00371EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.22 views

CVE-2024-34887

Insufficiently protected credentials in AD/LDAP server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to send AD/LDAP administrators account passwords to an arbitrary server via HTTP POST request...

7.2AI score0.00339EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/11/04 12:0 a.m.6 views

Bitrix24 安全漏洞

Bitrix24 is a suite of enterprise social platforms from Bitrix USA. The platform includes features such as online communication, calendar management and CRM Customer Relationship Management. A security vulnerability exists in Bitrix24 version 23.300.100, which originates from a remote administrat...

6.8CVSS6.8AI score0.0029EPSS
Exploits1References2
CVE
CVE
added 2024/11/04 12:0 a.m.67 views

CVE-2024-34887

CVE-2024-34887 affects 1C-Bitrix Bitrix24 23.300.100. The issue is "insufficiently protected credentials" in AD/LDAP server settings, enabling remote administrators to exfiltrate AD/LDAP administrator passwords to an arbitrary server via HTTP POST. Public sources (Red Hat, CNNVD, CVE listings) de...

6.8CVSS6.8AI score0.00339EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/04 12:0 a.m.10 views

CVE-2024-34891

Insufficiently protected credentials in DAV server settings in 1C-Bitrix Bitrix24 23.300.100 allows remote administrators to read Exchange account passwords via HTTP GET request...

6.9AI score0.0029EPSS
Exploits1References2
OSV
OSV
added 2024/10/14 4:15 a.m.3 views

CVE-2024-9923

The Team+ from TEAMPLUS TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with administrator privileges to move arbitrary system files to the website root directory and access them...

4.9CVSS5.9AI score0.00594EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/12 1:38 p.m.5 views

CVE-2024-7694

ThreatSonar Anti-Ransomware from TeamT5 does not properly validate the content of uploaded files. Remote attackers with administrator privileges on the product platform can upload malicious files, which can be used to execute arbitrary system command on the server...

7.2CVSS6AI score0.01807EPSS
In wildExploits0References3
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.9 views

PT-2024-36002

Name of the Vulnerable Software and Affected Versions: Openfind Mail2000 affected versions not specified Description: The issue is related to improper filtering of parameters in a specific API, allowing remote attackers with administrative privileges to execute arbitrary system commands on the...

7.2CVSS6.2AI score0.00562EPSS
Exploits0References4
OSV
OSV
added 2024/04/29 3:15 a.m.6 views

CVE-2024-4297

The system configuration interface of HGiga iSherlock including MailSherlock, SpamSherlock, AuditSherlock fails to filter special characters in certain function parameters, allowing remote attackers with administrative privileges to exploit this vulnerability to download arbitrary system files...

4.9CVSS5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2023/11/17 12:0 a.m.5 views

Devellion CubeCart Security Breach

Devellion CubeCart is a free and open source e-commerce shopping cart software from the company of Devellion UK. The software supports selling products, adding/editing products or images in an online store, etc. A security vulnerability exists in Devellion CubeCart versions prior to 6.5.3, which...

6.5CVSS6.7AI score0.01286EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.8 views

PT-2023-16031 · Synology · Synology Diskstation Manager

Name of the Vulnerable Software and Affected Versions: Synology DiskStation Manager DSM versions 6.2.4-25556-7 and earlier, 7.0.1-42218-6 and earlier Synology DiskStation Manager DSM version 7.1-42660 and earlier Description: The issue allows remote authenticated users with administrator privileg...

8.1CVSS6.5AI score0.0097EPSS
Exploits0References5
Prion
Prion
added 2023/03/29 5:15 a.m.17 views

Command injection

An OS command injection vulnerability has been reported to affect QNAP operating systems. If exploited, the vulnerability possibly allows remote authenticated administrators to execute commands via unspecified vectors. QES is not affected. We have already fixed the vulnerability in the following...

5.8CVSS7.2AI score0.01226EPSS
Exploits0References1Affected Software2
F5 Networks
F5 Networks
added 2023/02/21 8:1 p.m.35 views

K42204713: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2016-3424 Unspecified vulnerability in Oracle MySQL 5.7.12 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-3440 Unspecified vulnerability in Oracle MySQL 5.7.11 and earlier allows remote...

8.1CVSS5.5AI score0.05826EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.38 views

K47605350: MySQL vulnerability CVE-2016-5631

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.13 and earlier allows remote administrators to affect availability via vectors related to Server: Memcached. CVE-2016-5631 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

4.9CVSS5.5AI score0.02471EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.23 views

K30255576: MySQL vulnerability CVE-2016-5507

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.6.32 and earlier and 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: InnoDB. CVE-2016-5507 Impact There is no impact; F5 products are not affected by this vulnerability...

6.8CVSS6.3AI score0.02779EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 7:0 p.m.43 views

K15535113: MySQL vulnerability CVE-2016-5632

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.7.14 and earlier allows remote administrators to affect availability via vectors related to Server: Optimizer. CVE-2016-5632 Impact There is no impact; F5 products are not affected by this vulnerability. Security Advisory...

4.9CVSS5.4AI score0.02471EPSS
Exploits0
F5 Networks
F5 Networks
added 2023/02/21 6:53 p.m.38 views

K62477129: MySQL vulnerability CVE-2016-5584

Security Advisory Description Unspecified vulnerability in Oracle MySQL 5.5.52 and earlier, 5.6.33 and earlier, and 5.7.15 and earlier allows remote administrators to affect confidentiality via vectors related to Server: Security: Encryption. CVE-2016-5584 Impact There is no impact; F5 products a...

4.4CVSS6.5AI score0.01493EPSS
Exploits0
Rows per page
Query Builder