
2007 matches found

CVE
added 2023/04/26 12:0 a.m. · 85 views

CVE-2023-29443

Summary of CVE-2023-29443 from connected sources: Multiple ManageEngine products (ServiceDesk Plus, ServiceDesk Plus MSP, SupportCenter Plus, AssetExplorer) are affected by an XML External Entity (XXE) vulnerability. A privileged SDAdmin can configure a malicious server to return malformed XML vi...

CVSS 4.9 · AI score 5 · EPSS 0.03026
Exploits: 0 · References: 1 · Affected Software: 4
Positive Technologies
added 2023/04/25 12:0 a.m. · 4 views

PT-2023-13899 · Unknown · Pingfederate

Name of the Vulnerable Software and Affected Versions: PingFederate (affected versions not specified)
Description: The issue concerns a Cross-Site Request Forgery (CSRF) vulnerability. It affects the "/pf/idprofile.ping" API endpoint, which is vulnerable to crafted GET requests.
Recommendations: At t...

CVSS 8.8 · AI score 8.7 · EPSS 0.00181
Exploits: 0 · References: 2
CNVD
added 2023/04/24 12:0 a.m. · 6 views

Modoboa Information Disclosure Vulnerability

modoboa is an email hosting and management platform for individual developers. An information disclosure vulnerability exists in modoboa versions prior to 2.1.0, which originates when /api/v2/parameters/core/ returns sensitive information without any authentication or authorization. An attacker c...

CVSS 9.1 · AI score 6.2 · EPSS 0.43756
Exploits: 1 · References: 1
Positive Technologies
added 2023/04/21 12:0 a.m. · 4 views

PT-2023-22473 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the UpdateWanParams interface at the "/goform/aspForm" API endpoint.
Recommendations: For H3C Magic R200 version R200V100R004, consider restricting...

CVSS 4.9 · AI score 7 · EPSS 0.00787
Exploits: 0 · References: 6
Positive Technologies
added 2023/04/21 12:0 a.m. · 5 views

PT-2023-22461 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the UpdateSnat interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device.
Recommendations: For H3C Magic R200 versi...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits: 0 · References: 6
Positive Technologies
added 2023/04/21 12:0 a.m. · 5 views

PT-2023-22467 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the UpdateMacClone interface at the "/goform/aspForm" API endpoint. This issue affects the specified version of the H3C Magic R200.
Recommendations: Fo...

CVSS 4.9 · AI score 5.3 · EPSS 0.00787
Exploits: 0 · References: 4
Positive Technologies
added 2023/04/21 12:0 a.m. · 4 views

PT-2023-22470 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the SetAPWifiorLedInfoById interface at the "/goform/aspForm" API endpoint.
Recommendations: For H3C Magic R200 version R200V100R004, consider disablin...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits: 0 · References: 5
Positive Technologies
added 2023/04/21 12:0 a.m. · 6 views

PT-2023-22471 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the DeltriggerList interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device.
Recommendations: For H3C Magic R200...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits: 0 · References: 5
Positive Technologies
added 2023/04/21 12:0 a.m. · 6 views

PT-2023-22464 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the SetMobileAPInfoById interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device.
Recommendations: For H3C Magic...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits: 0 · References: 5
Positive Technologies
added 2023/04/21 12:0 a.m. · 5 views

PT-2023-22469 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the DelvsList interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device.
Recommendations: For H3C Magic R200 versio...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits: 0 · References: 5
Positive Technologies
added 2023/04/21 12:0 a.m. · 5 views

PT-2023-22463 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the Edit BasicSSID 5G interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device.
Recommendations: For H3C Magic R20...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits: 0 · References: 5
Positive Technologies
added 2023/04/21 12:0 a.m. · 5 views

PT-2023-22468 · H3C · H3C Magic R200

Name of the Vulnerable Software and Affected Versions: H3C Magic R200 version R200V100R004
Description: A stack overflow issue was discovered via the AddMacList interface at the "/goform/aspForm" API endpoint. This issue affects the H3C Magic R200 device.
Recommendations: For H3C Magic R200 versi...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits: 0 · References: 5
Positive Technologies
added 2023/04/20 12:0 a.m. · 3 views

PT-2023-22525 · Unknown · Sourcecodester Judging Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Judging Management System version 1.0
Description: The issue is related to SQL Injection, which can be exploited via the "/php-jms/print judges.php" API endpoint with specific parameters such as se name and sub event id...

CVSS 9.8 · AI score 9.3 · EPSS 0.00752
Exploits: 1 · References: 4
Exploit DB
added 2023/04/20 12:0 a.m. · 341 views

FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)

Exploit Title: FUXA V.1.1.13-1186 - Unauthenticated Remote Code Execution (RCE)
Date: 18/04/2023
Exploit Author: Rodolfo Mariano
Vendor Homepage: https://github.com/frangoteam/FUXA
Version: FUXA V.1.1.13-1186 (current)
from argparse import RawTextHelpFormatter
import argparse, sys, threading, requests...

AI score 7.4
Exploits: 0
Positive Technologies
added 2023/04/19 12:0 a.m. · 5 views

PT-2023-21341 · Unknown · Online Jewelry Shop

Name of the Vulnerable Software and Affected Versions: Online Jewelry Shop version 1.0
Description: A stored cross-site scripting (XSS) issue in the "/index.php?page=category list" API endpoint of Online Jewelry Shop allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

CVSS 5.4 · AI score 5.3 · EPSS 0.00477
Exploits: 1 · References: 5
AlpineLinux
added 2023/04/14 2:15 p.m. · 28 views

CVE-2022-45170

An issue was discovered in LIVEBOX Collaboration vDesk through v018. A Cryptographic Issue can occur under the /api/v1/vencrypt/decrypt/file endpoint. A malicious user, logged into a victim's account, is able to decipher a file without knowing the key set by the user...

CVSS 6.5 · AI score 6.5 · EPSS 0.00444
Exploits: 1 · References: 1
Prion
added 2023/04/14 2:15 p.m. · 22 views

Improper access control

An issue was discovered in LIVEBOX Collaboration vDesk through v018. Broken Access Control exists under the /api/v1/vdeskDOMAIN/export endpoint. A malicious user, authenticated to the product without any specific privilege, can use the API for exporting information about all users of the system a...

CVSS 4 · AI score 6.2 · EPSS 0.00713
Exploits: 1 · References: 1 · Affected Software: 1
Positive Technologies
added 2023/04/14 12:0 a.m. · 4 views

PT-2023-22337 · Unknown · Yoga Class Registration System

Name of the Vulnerable Software and Affected Versions: Yoga Class Registration System version 1.0
Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the cid parameter at the "/admin/login.php" API endpoint.
Recommendations: For Yoga Class...

CVSS 7.5 · AI score 7.6 · EPSS 0.00672
Exploits: 1 · References: 3
Positive Technologies
added 2023/04/07 12:0 a.m. · 4 views

PT-2023-21358 · H3C · H3C Magic R100

Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin
Description: A stack overflow issue was discovered via the DeltriggerList interface at the "/goform/aspForm" API endpoint. This issue allows attackers to cause a Denial of Service (DoS) by sending a craft...

CVSS 4.9 · AI score 5.1 · EPSS 0.00787
Exploits: 0 · References: 4
Positive Technologies
added 2023/04/07 12:0 a.m. · 3 views

PT-2023-20883 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024
Description: A command injection issue was found via the pppoeAcName parameter at the "/setting/setWanIeCfg" API endpoint.
Recommendations: For version 7.4cu.2313 B20191024, avoid using the...

CVSS 9.8 · AI score 9.6 · EPSS 0.0192
Exploits: 1 · References: 2