Lucene search
K

48 matches found

OSV
OSV
added 2022/06/06 3:15 p.m.3 views

CVE-2021-41932

A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc...

8.8CVSS5.8AI score0.01001EPSS
Exploits1References1
Prion
Prion
added 2022/06/06 3:15 p.m.18 views

Sql injection

A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc...

6.5CVSS8.6AI score0.01001EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2022/06/06 2:33 p.m.74 views

CVE-2021-41932

CVE-2021-41932 concerns Wolters Kluwer TeamMate+ Audit, affected version 28.0.19.0. A blind SQL injection exists in the search form, enabling any authenticated user to inject malicious SQL. The underlying cause is a lack of proper filtering/escaping of SQL data in the search forms. Reported impac...

8.8CVSS8.7AI score0.01001EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2022/06/06 2:33 p.m.17 views

CVE-2021-41932

A blind SQL injection vulnerability in search form in TeamMate+ Audit version 28.0.19.0 allows any authenticated user to create malicious SQL injections, which can result in complete database compromise, gaining information about other users, unauthorized access to audit data etc...

8.9AI score0.01001EPSS
Exploits1References1
CNNVD
CNNVD
added 2022/06/06 12:0 a.m.5 views

Wolters Kluwer TeamMate+ Audit SQL注入漏洞

Wolters Kluwer TeamMate Audit is a cloud-based audit management tool from Wolters Kluwer Netherlands. A SQL injection vulnerability exists in Wolters Kluwer TeamMate Audit version 28.0.19.0, which stems from a lack of filtering and escaping of SQL data in search forms. An attacker could use this...

8.8CVSS5.9AI score0.01001EPSS
Exploits1References2
Hacker One
Hacker One
added 2022/02/16 3:23 a.m.36 views

SecurityScorecard: HTML injection through Invite Teammate email

Summary: I found HTML injection on domain https://platform.securityscorecard.io/ when we send invite teammate email. In this case "message" parameter is vulnerable. Steps To Reproduce: 1. Go to page https://platform.securityscorecard.io/ and login. 2. Now go to page...

7.1AI score
Exploits0
NVD
NVD
added 2021/12/17 4:15 p.m.17 views

CVE-2021-44035

Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...

7.8CVSS0.00548EPSS
Exploits0References3
OSV
OSV
added 2021/12/17 4:15 p.m.6 views

CVE-2021-44035

Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...

7.8CVSS7.2AI score0.00548EPSS
Exploits0References3
Prion
Prion
added 2021/12/17 4:15 p.m.21 views

Code injection

Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...

6.8CVSS7.7AI score0.00548EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/12/17 3:17 p.m.36 views

CVE-2021-44035

Wolters Kluwer TeamMate AM 12.4 Update 1 mishandles attachment uploads, such that an authenticated user may download and execute malicious files...

4.4CVSS7.9AI score0.00548EPSS
Exploits0References3
CVE
CVE
added 2021/12/17 3:17 p.m.54 views

CVE-2021-44035

CVE-2021-44035 affects Wolters Kluwer TeamMate AM 12.4 Update 1. The vulnerability stems from mishandling of attachment uploads, enabling an authenticated user to download and execute malicious files. The available connected documents confirm the affected product and the root cause as described, ...

7.8CVSS7.6AI score0.00548EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2021/12/17 12:0 a.m.5 views

Wolters Kluwer TeamMate AM 安全漏洞

Wolters Kluwer Financial Services TeamMate+ is a suite of financial audit management software from Wolters Kluwer Financial Services, USA. A security vulnerability exists in Wolters Kluwer TeamMate AM that stems from improper handling of attachment uploads, so that an authenticated user could...

7.8CVSS7.4AI score0.00548EPSS
Exploits0References3
OSV
OSV
added 2019/09/09 9:15 p.m.3 views

CVE-2019-10253

A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...

6.5CVSS6.7AI score0.00655EPSS
Exploits3References2
NVD
NVD
added 2019/09/09 9:15 p.m.26 views

CVE-2019-10253

A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...

6.5CVSS6.6AI score0.00655EPSS
Exploits3References2
Prion
Prion
added 2019/09/09 9:15 p.m.14 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...

4.3CVSS6.5AI score0.00655EPSS
Exploits3References2Affected Software1
Cvelist
Cvelist
added 2019/09/09 8:51 p.m.30 views

CVE-2019-10253

A Cross-Site Request Forgery CSRF vulnerability exists in TeamMate+ 21.0.0.0 that allows a remote attacker to modify application data upload malicious/forged files on a TeamMate server, or replace existing uploaded files with malicious/forged files. The specific flaw exists within the handling of...

6.5AI score0.00655EPSS
Exploits3References2
CVE
CVE
added 2019/09/09 8:51 p.m.150 views

CVE-2019-10253

The CVE-2019-10253 entry concerns TeamMate+ 21.0.0.0 and describes a Cross-Site Request Forgery (CSRF) flaw in Upload/DomainObjectDocumentUpload.ashx where CSRF token validation is not performed for POST requests, allowing a remote attacker to modify data or replace uploaded files. Connected sour...

6.5CVSS6.5AI score0.00655EPSS
Exploits3References2Affected Software1
CNVD
CNVD
added 2019/09/04 12:0 a.m.3 views

Wolters Kluwer Financial Services TeamMate+ Cross-Site Request Forgery Vulnerability

Wolters Kluwer Financial Services TeamMate+ is a suite of financial audit management software from Wolters Kluwer Financial Services, USA. A cross-site request forgery vulnerability exists in Wolters Kluwer Financial Services TeamMate+, which can be exploited by an attacker to send unintended...

6.5CVSS6.9AI score0.00655EPSS
Exploits3References1
Exploit DB
Exploit DB
added 2019/09/02 12:0 a.m.58 views

Wolters Kluwer TeamMate 3.1 - Cross-Site Request Forgery

Hello, Please find the below vulnerability details, --------------------------------------------------------------------------------------------------------------------------------- Exploit Title: Wolters Kluwer TeamMate+ – Cross-Site Request Forgery CSRF vulnerability Date: 02/09/2019 Exploit...

6.5CVSS6.8AI score0.00655EPSS
Exploits3
Packet Storm
Packet Storm
added 2019/09/02 12:0 a.m.360 views

Wolters Kluwer TeamMate+ 3.1 Cross Site Request Forgery

Title: ==== Wolters Kluwer TeamMate+ – Cross-Site Request Forgery CSRF vulnerability Credit: ====== Name: Bhadresh Patel CVE: ==== CVE-2019-10253 Date: ==== 19/03/2019 dd/mm/yyyy Vendor: ====== Wolters Kluwer is a global leader in professional information, software solutions, and services for the...

0.2AI score0.00655EPSS
Exploits3
Rows per page
Query Builder