151 matches found

Prion
added 2019/05/17 9:29 p.m., 13 views

Cross site request forgery (csrf)

GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via a ws/gatshipWs.asmx/SqlVersion request...

5 CVSS, 5.1 AI score, 0.02771 EPSS
Exploits: 1, References: 3, Affected Software: 1

OSV
added 2019/05/17 9:29 p.m., 3 views

CVE-2019-12163

GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via a ws/gatshipWs.asmx/SqlVersion request...

5.3 CVSS, 6.1 AI score, 0.02771 EPSS
Exploits: 1, References: 3

CVE
added 2019/05/17 8:17 p.m., 51 views

CVE-2019-12163

GAT-Ship Web Module prior to 1.31 is vulnerable to information disclosure via the ws/gatshipWs.asmx/SqlVersion endpoint. The root cause is exposure of potentially sensitive data through that API call. Affected versions: earlier than 1.31. Remediation: upgrade to 1.31 or later; as a temporary cont...

5.3 CVSS, 5.1 AI score, 0.02771 EPSS
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2019/05/17 8:17 p.m., 14 views

CVE-2019-12163

GAT-Ship Web Module through 1.30 allows remote attackers to obtain potentially sensitive information via a ws/gatshipWs.asmx/SqlVersion request...

5.2 AI score, 0.02771 EPSS
Exploits: 1, References: 3

Packet Storm
added 2019/05/17 12:0 a.m., 338 views

GAT-Ship Web Module 1.30 Information Disclosure

GAT-Ship Web Module 1.30 - Unauthenticated Information Disclosure Vulnerability. It is possible in versions 1.30 and below for unauthenticated attackers to query the GAT-Ship Web Module for system information via a crafted request. PoC:...

7.4 AI score
Exploits: 0

0day.today
added 2019/04/28 12:0 a.m., 64 views

GAT-Ship Web Module Unrestricted File Upload Vulnerability

Exploit for asp platform in category web applications. GAT-Ship Web Module before the current version 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx". Fix: Upgrad...

7.5 CVSS, 0.1 AI score, 0.0274 EPSS
Exploits: 1

NVD
added 2019/04/09 2:29 p.m., 18 views

CVE-2019-11028

GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...

8.8 CVSS, 8.6 AI score, 0.0274 EPSS
Exploits: 1, References: 4

OSV
added 2019/04/09 2:29 p.m., 5 views

CVE-2019-11028

GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...

8.8 CVSS, 5.8 AI score, 0.0274 EPSS
Exploits: 1, References: 4

Prion
added 2019/04/09 2:29 p.m., 11 views

Design/Logic Flaw

GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...

6.5 CVSS, 8.5 AI score, 0.0274 EPSS
Exploits: 1, References: 4, Affected Software: 1

CVE
added 2019/04/09 1:9 p.m., 45 views

CVE-2019-11028

GAT-Ship Web Module is vulnerable to an authenticated unrestricted file upload in the Documents area (uploadDocFile.aspx) on versions before 1.40. The root cause is an improper validation allowing uploading of any file type to the server, enabling potential arbitrary content handling. There is no...

8.8 CVSS, 8.4 AI score, 0.0274 EPSS
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2019/04/09 1:9 p.m., 25 views

CVE-2019-11028

GAT-Ship Web Module before 1.40 suffers from a vulnerability allowing authenticated attackers to upload any file type to the server via the "Documents" area. This vulnerability is related to "uploadDocFile.aspx"...

8.6 AI score, 0.0274 EPSS
Exploits: 1, References: 4

OSV
added 2018/01/24 4:29 p.m., 5 views

CVE-2018-4834

A vulnerability has been identified in Desigo PXC00-E.D V4.10 All versions V4.10.111, Desigo PXC00-E.D V5.00 All versions V5.0.171, Desigo PXC00-E.D V5.10 All versions V5.10.69, Desigo PXC00-E.D V6.00 All versions V6.0.204, Desigo PXC00/64/128-U V4.10 All versions V4.10.111 only with web module,...

9.8 CVSS, 5.7 AI score, 0.03352 EPSS
Exploits: 0, References: 1

Positive Technologies
added 2018/01/24 12:0 a.m., 3 views

PT-2018-16559 · Siemens · Desigo Pxc22.1-E.D +10

Name of the Vulnerable Software and Affected Versions: Desigo PXC00-E.D versions V4.10 through V4.10.110 Desigo PXC00-E.D versions V5.00 through V5.0.170 Desigo PXC00-E.D versions V5.10 through V5.10.68 Desigo PXC00-E.D versions V6.00 through V6.0.203 Desigo PXC00/64/128-U versions V4.10 through...

10 CVSS, 9.3 AI score, 0.03352 EPSS
Exploits: 0, References: 2

0day.today
added 2017/06/10 12:0 a.m., 33 views

Craft CMS 2.6 - Cross-Site Scripting Vulnerability

Exploit for php platform in category web applications Exploit Title: Craft CMS 2.6 - Cross-Site Scripting/Unrestricted File Upload Date: 2017-06-08 Exploit Author: Ahsan Tahir Vendor Homepage: https://craftcms.com Software Link: http://download.craftcdn.com/craft/2.6/2.6.2981/Craft-2.6.2981.zip...

7.1 AI score
Exploits: 0

CNVD
added 2016/12/19 12:0 a.m., 4 views

Entropy Insufficiency Vulnerability in Pseudo-Random Number Generation in SIEMENS Desigo PX Web Module

SIEMENS Building Automation Systems Desigo PX programmable automation station offers a flexible solution with the ability to signal alarms, time-based logging programs and trends that can be modified or expanded at any time. An entropy insufficiency vulnerability exists in the pseudo-random numbe...

7.5 CVSS, 7 AI score, 0.01499 EPSS
Exploits: 0, References: 1

ICS
added 2016/09/23 6:0 a.m., 50 views

Siemens Desigo PX Web Module Insufficient Entropy Vulnerability

OVERVIEW Siemens has released a firmware update to mitigate an insufficient entropy vulnerability that affects Siemens Desigo PX Web modules. Marcella Hastings, Joshua Fried, and Nadia Heninger from the University of Pennsylvania coordinated this vulnerability directly with Siemens. This...

7.5 CVSS, 7.8 AI score, 0.01499 EPSS
Exploits: 0, References: 10

seebug.org
added 2016/08/11 12:0 a.m., 114 views

Dahan jcms /jcms/jcms_files/jcms1/web1/site/module/comment/opr_ballot.jsp parameters c_uuid time blind

No description provided by source...

7.1 AI score
Exploits: 0

Packet Storm
added 2016/02/11 12:0 a.m., 37 views

Getdpd Cross Site Scripting

Document Title: Getdpd Bug Bounty 6 - Import Persistent Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1718 Release Date: 2016-02-09. Vulnerability Laboratory ID (VL-ID): 1718...

7.4 AI score
Exploits: 0

Vulnerability Lab
added 2015/05/07 12:0 a.m., 35 views

Yahoo eMarketing Bug Bounty #31 - Cross Site Vulnerability

Document Title: Yahoo eMarketing Bug Bounty 31 - Cross Site Vulnerability. References (Source): http://www.vulnerability-lab.com/getcontent.php?id=1491 Yahoo Security ID (H1): 55395. Release Date: 2015-05-07. Vulnerability Laboratory ID (VL-ID):...

0.3 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m., 9 views

Sofi WebGui <= 0.6.3 PRE (mod_dir) Remote File Inclusion Vulnerability

No description provided by source. Discovered by dun \ dunatstrcpy.pl Sofi WebGui = 0.6.3 PRE Remote File Inclusion Vulnerability Script site:...

7.1 AI score
Exploits: 0