25 matches found
Advantive Veracore < 2025.1.1.3 SQL Injection
Advantive Veracore version prior to 2025.1.1.3 is vulnerable to SQL Injection in timeoutWarning.asp functionality, allowing attackers to execute arbitrary SQL queries via the PmSess1 parameter. No source data...
The vulnerability of the Advantive VeraCore cloud-based business process management system lies in its ability to allow unlimited loading of dangerous types of files, enabling attackers to gain unauthorized access to protected information.
The vulnerability of the Advantive VeraCore cloud-based business process management system is related to the unlimited loading of dangerous types of files. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...
CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager EPM to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is ...
CISA Adds Five Known Exploited Vulnerabilities to Catalog
CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-25181link is external Advantive VeraCore SQL Injection Vulnerability CVE-2024-57968link is external Advantive VeraCore Unrestricted File Upload Vulnerability...
Advantive VeraCore SQL Injection Vulnerability
Advantive VeraCore contains a SQL injection vulnerability in timeoutWarning.asp that allows a remote attacker to execute arbitrary SQL commands via the PmSess1 parameter...
Advantive VeraCore Unrestricted File Upload Vulnerability
Advantive VeraCore contains an unrestricted file upload vulnerability that allows a remote unauthenticated attacker to upload files to unintended folders via upload.apsx...
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation o...
CVE-2025-25181
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this...
CVE-2025-25181
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...
CVE-2025-25181
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this...
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this...
CVE-2025-25181
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...
CVE-2025-25181
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter...
CVE-2024-57968
CVE-2024-57968 affects Advantive VeraCore (pre-2024.4.2.1). It is an unrestricted file upload vulnerability that allows a remote authenticated user to upload files to unintended folders (upload.aspx). VeraCore was patched in version 2024.4.2.1. In practice, multiple sources flag active exploitati...
CVE-2025-25181
Advantive VeraCore (through 2025.1.0) contains a SQL injection in timeoutWarning.asp exploitable via the PmSess1 parameter, enabling remote arbitrary SQL execution. Evidence across sources indicates active exploitation of this vulnerability, with mitigations recommending disabling the PmSess1 par...
Advantive VeraCore 安全漏洞
Advantive VeraCore is a SaaS order and warehouse management software from Advantive. A security vulnerability exists in Advantive VeraCore version 2025.1.0 and earlier, which stems from the presence of an SQL injection in timeoutWarning.asp that allows remote attackers to execute arbitrary SQL...
CVE-2025-25181
A SQL injection vulnerability in timeoutWarning.asp in Advantive VeraCore through 2025.1.0 allows remote attackers to execute arbitrary SQL commands via the PmSess1 parameter. Recent assessments: cbeek-r7 at February 05, 2025 8:15pm UTC reported: CVE-2025-25181 is an SQL Injection vulnerability...
CVE-2024-57968
Advantive VeraCore before 2024.4.2.1 allows remote authenticated users to upload files to unintended folders e.g., ones that are accessible during web browsing by other users. upload.aspx can be used for this...