Lucene search
K

64 matches found

OSV
OSV
added 2024/08/21 4:15 p.m.4 views

CVE-2024-7603

Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The...

8.1CVSS5.9AI score0.02016EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/08/21 4:6 p.m.16 views

CVE-2024-7604 Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability

Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw...

5.1CVSS7AI score0.00343EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/21 4:6 p.m.30 views

CVE-2024-7603 Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability

Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The...

7.1CVSS0.02016EPSS
Exploits0References2
CVE
CVE
added 2024/08/21 4:6 p.m.82 views

CVE-2024-7602

Logsign Unified SecOps Platform contains a Directory Traversal Information Disclosure vulnerability in its HTTP API service (listening on port 443 by default). The flaw arises from insufficient validation of a user-supplied path used in file operations, allowing an attacker to disclose sensitive ...

6.5CVSS6.2AI score0.02382EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/21 4:6 p.m.31 views

CVE-2024-7602 Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specif...

6.5CVSS0.02382EPSS
Exploits0References2
CVE
CVE
added 2024/08/21 4:6 p.m.88 views

CVE-2024-7601

CVE-2024-7601 affects Logsign Unified SecOps Platform. The vulnerability resides in the HTTP API service (default port 443) where lack of proper validation of a user-supplied path enables a traversal that can delete arbitrary files in the root context. Exploitation requires authentication, and th...

8.1CVSS7AI score0.01619EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2024/08/21 4:6 p.m.32 views

CVE-2024-7601 Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability

Logsign Unified SecOps Platform Directory dataexportdeleteall Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerabilit...

7.1CVSS0.01619EPSS
Exploits0References2
Zero Day Initiative
Zero Day Initiative
added 2024/08/08 12:0 a.m.8 views

Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The...

6.5CVSS6.2AI score0.02382EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/08/08 12:0 a.m.11 views

Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability

This vulnerability allows local attackers to bypass authentication on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...

5.1CVSS6.7AI score0.00343EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.10 views

PT-2024-38442 · Logsign · Logsign Unified Secops Platform

Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this...

8.1CVSS6.9AI score0.01619EPSS
Exploits0References7
Zero Day Initiative
Zero Day Initiative
added 2024/08/08 12:0 a.m.10 views

Logsign Unified SecOps Platform Directory Traversal Arbitrary Directory Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary directories on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The...

7.1CVSS6.7AI score0.02016EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/08/08 12:0 a.m.9 views

Logsign Unified SecOps Platform Directory Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...

7.1CVSS6.7AI score0.02016EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2024/08/08 12:0 a.m.7 views

Logsign Unified SecOps Platform Directory data_export_delete_all Traversal Arbitrary File Deletion Vulnerability

This vulnerability allows remote attackers to delete arbitrary files on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the HTTP API service, which listens on TCP port 443 by default. The issue...

7.1CVSS6.7AI score0.01619EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/07/05 1:40 p.m.23 views

CVE-2024-39864 Apache CloudStack: Integration API service uses dynamic port when disabled

The CloudStack integration API service allows running its unauthenticated API server usually on port 8096 when configured and enabled via integration.api.port global setting for internal portal integrations and for testing purposes. By default, the integration API service port is disabled and is...

9.9AI score0.01772EPSS
Exploits0References4
NVD
NVD
added 2024/06/05 6:15 p.m.20 views

CVE-2024-5184

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...

9.1CVSS6.6AI score0.00541EPSS
Exploits0References1
CVE
CVE
added 2024/06/05 5:52 p.m.91 views

CVE-2024-5184

CVE-2024-5184 affects the EmailGPT service. The vulnerability is a prompt injection flaw in the service’s API, enabling a malicious user to inject prompts and take over service logic. Exploitation can force leakage of hard-coded system prompts and/or execution of unwanted prompts, with attacks po...

9.1CVSS6.9AI score0.00541EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/05 5:52 p.m.29 views

CVE-2024-5184 Prompt Injection in EmailGPT

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...

8.5CVSS6.6AI score0.00541EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/05 5:52 p.m.28 views

CVE-2024-5184 Prompt Injection in EmailGPT

The EmailGPT service contains a prompt injection vulnerability. The service uses an API service that allows a malicious user to inject a direct prompt and take over the service logic. Attackers can exploit the issue by forcing the AI service to leak the standard hard-coded system prompts and/or...

8.5CVSS7.1AI score0.00541EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2023/03/07 7:42 a.m.2 views

Shein's Android App Caught Transmitting Clipboard Data to Remote Servers

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server. The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The iss...

6.6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2023/01/17 12:58 p.m.11 views

CVE-2015-10059 s134328 Webapplication-Veganguide apiService.js cross site scripting

A vulnerability has been found in s134328 Webapplication-Veganguide and classified as problematic. This vulnerability affects unknown code of the file p05-integration/app/shared/api/apiService.js. The manipulation of the argument country/city leads to cross site scripting. The attack can be...

4CVSS6.5AI score0.00521EPSS
Exploits0References3
Rows per page
Query Builder