Information disclosure

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

Improper access control

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...

Cross site scripting

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...

CVE-2020-10510 Sunnet eHRD - Broken Access Control

Sunnet eHRD, a human training and development management system, contains a vulnerability of Broken Access Control. After login, attackers can use a specific URL, access unauthorized functionality and data...

CVE-2020-10510

CVE-2020-10510 affects Sunnet eHRD (human training and development management system). According to the provided documents, it involves Broken Access Control where, after login, an attacker can access an unauthorized URL to reach restricted functionality and data. The CVSS metrics from NVD indica...

CVE-2020-10508 Sunnet eHRD - Sensitive Data Exposure

Sunnet eHRD, a human training and development management system, improperly stores system files. Attackers can use a specific URL and capture confidential information...

CVE-2020-10508

CVE-2020-10508 affects Sunnet eHRD, a human training and development management system. The vulnerability is an information-disclosure flaw caused by improper storage of system files, enabling an attacker to access confidential information via a specific URL. Multiple sources (NVD and CVE lists) ...

CVE-2020-10509 Sunnet eHRD - Cross-Site Scripting

Sunnet eHRD, a human training and development management system, contains vulnerability of Cross-Site Scripting XSS, attackers can inject arbitrary command into the system and launch XSS attack...

CVE-2020-10509

CVE-2020-10509 affects Sunnet eHRD (Web application). The connected CNVD entry reports a Cross-Site Scripting (XSS) vulnerability caused by lack of proper validation of client-side data in the WEB application, allowing an attacker to execute client-side code via XSS. NVD reiterates XSS with injec...

Sunnet eHRD Information Disclosure Vulnerability

Sunnet eHRD is a talent training and development management system. An information disclosure vulnerability exists in Sunnet eHRD. The vulnerability stems from eHRD improperly storing system files. An attacker can exploit the vulnerability to obtain confidential information via a specific URL...

Sunnet eHRD Improper Access Control Vulnerability

Sunnet eHRD is a talent training and development management system. An improper access control vulnerability exists in Sunnet eHRD. An authenticated attacker could exploit the vulnerability to access unauthorized functionality and data via a specific URL...

CVE-2019-11062

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

CVE-2019-11062

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

Command injection

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

CVE-2019-11062 SUNNET WMPro v5.0 and v5.1 has OS Command Injection

The SUNNET WMPro v5.0 and v5.1 for eLearning system has OS Command Injection via "/teach/course/doajaxfileupload.php". The target server can be exploited without authentication...

CVE-2019-11062

The CVE-2019-11062 entry affects SUNNET WMPro v5.0 and v5.1 for the eLearning system. Affected component: the API endpoint /teach/course/doajaxfileupload.php, where OS Command Injection is possible. Root cause described as unauthenticated remote command execution on the target server. Impact is h...

PT-2019-12159 · Sunnet · Sunnet Wmpro

Name of the Vulnerable Software and Affected Versions: SUNNET WMPro versions 5.0 through 5.1 Description: The issue concerns an OS Command Injection vulnerability. It can be exploited via the "/teach/course/doajaxfileupload.php" API endpoint without requiring authentication. Recommendations: For...

Solaris 2.6 (sparc) : 104018-11

The remote host is missing Sun Security Patch number 104018-11 Solstice Site/SunNet/Domain Manager 2.3 Rev B: jumbo patch. Date this patch was last updated by Sun : Thu Jul 22 03:32:11 MDT 2004 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This...

Solaris 7 (sparc) : 104018-11

The remote host is missing Sun Security Patch number 104018-11 Solstice Site/SunNet/Domain Manager 2.3 Rev B: jumbo patch. Date this patch was last updated by Sun : Thu Jul 22 03:32:11 MDT 2004 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This...

Solaris 2.5.1 (sparc) : 104018-11

The remote host is missing Sun Security Patch number 104018-11 Solstice Site/SunNet/Domain Manager 2.3 Rev B: jumbo patch. Date this patch was last updated by Sun : Thu Jul 22 03:32:11 MDT 2004 You should install this patch for your system to be up-to-date. %NASLMINLEVEL 999999 @DEPRECATED@ This...