
2010 matches found

Positive Technologies
added 2023/04/14 12:0 a.m. · 5 views

PT-2023-22337 · Unknown · Yoga Class Registration System

Name of the Vulnerable Software and Affected Versions: Yoga Class Registration System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the cid parameter at the "/admin/login.php" API endpoint. Recommendations: For Yoga Class...

CVSS 7.5 · AI score 7.6 · EPSS 0.00672
Exploits 1 · References 3
Positive Technologies
added 2023/04/07 12:0 a.m. · 5 views

PT-2023-21358 · H3C · H3C Magic R100

Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin Description: A stack overflow issue was discovered via the DeltriggerList interface at the "/goform/aspForm" API endpoint. This issue allows attackers to cause a Denial of Service (DoS) by sending a craft...

CVSS 4.9 · AI score 5.1 · EPSS 0.00787
Exploits 0 · References 4
Positive Technologies
added 2023/04/07 12:0 a.m. · 3 views

PT-2023-20883 · Totolink · Totolink A7100Ru

Name of the Vulnerable Software and Affected Versions: TOTOlink A7100RU version 7.4cu.2313 B20191024 Description: A command injection issue was found via the pppoeAcName parameter at the "/setting/setWanIeCfg" API endpoint. Recommendations: For version 7.4cu.2313 B20191024, avoid using the...

CVSS 9.8 · AI score 9.6 · EPSS 0.0192
Exploits 1 · References 2
Positive Technologies
added 2023/04/07 12:0 a.m. · 4 views

PT-2023-21353 · H3C · H3C Magic R100

Name of the Vulnerable Software and Affected Versions: H3C Magic R100 version R100V100R005.bin Description: A stack overflow issue was discovered via the EdittriggerList interface at the "/goform/aspForm" API endpoint. This allows attackers to cause a Denial of Service (DoS) via a crafted payload...

CVSS 4.9 · AI score 5.2 · EPSS 0.00787
Exploits 0 · References 4
SUSE CVE
added 2023/04/05 1:49 a.m. · 3 views

SUSE CVE-2023-28834

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 4.3 · AI score 6.1 · EPSS 0.00813
Exploits 1 · References 3
NVD
added 2023/04/03 5:15 p.m. · 36 views

CVE-2023-28834

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 4.3 · AI score 4.1 · EPSS 0.00813
Exploits 1 · References 4
Prion
added 2023/04/03 5:15 p.m. · 24 views

Information disclosure

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 4 · AI score 4.4 · EPSS 0.00813
Exploits 1 · References 4 · Affected Software 1
Cvelist
added 2023/04/03 4:19 p.m. · 35 views

CVE-2023-28834 Full path of data directory exposed to Nextcloud server users

Nextcloud Server is an open source personal cloud server. Nextcloud Server 24.0.0 until 24.0.6 and 25.0.0 until 25.0.4, as well as Nextcloud Enterprise Server 23.0.0 until 23.0.11, 24.0.0 until 24.0.6, and 25.0.0 until 25.0.4, have an information disclosure vulnerability. A user was able to get t...

CVSS 3.5 · AI score 5 · EPSS 0.00813
Exploits 1 · References 4
CVE
added 2023/04/03 4:19 p.m. · 59 views

CVE-2023-28834

Summary of CVE-2023-28834 (Nextcloud Server information disclosure) Affected: Nextcloud Server 24.0.0–24.0.6, 25.0.0–25.0.4; Nextcloud Enterprise Server 23.0.0–23.0.11, 24.0.0–24.0.6, 25.0.0–25.0.4. Root cause: An API endpoint allowed a user to obtain the full data directory path of the Nextcloud...

CVSS 4.3 · AI score 4 · EPSS 0.00813
Exploits 1 · References 4 · Affected Software 1
Nextcloud
added 2023/04/03 12:59 p.m. · 32 views

Full path of data directory exposed to users

None...

CVSS 4.3 · AI score 4.8 · EPSS 0.00813
Exploits 1 · References 3 · Affected Software 1
Cvelist
added 2023/03/31 10:8 p.m. · 37 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.6 · EPSS 0.00745
Exploits 0 · References 3
Vulnrichment
added 2023/03/31 10:8 p.m. · 8 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.4 · EPSS 0.00745
Exploits 0 · References 3
OSV
added 2023/03/31 10:8 p.m. · 18 views

CVE-2023-28645 Secure view can be bypassed by using internal API endpoint in Nextcloud richdocuments

Nextcloud richdocuments is a Nextcloud app integrating the office suite Collabora Online. In affected versions the secure view feature of the rich documents app can be bypassed by using an unprotected internal API endpoint of the rich documents app. It is recommended that the Nextcloud Office app...

CVSS 5.7 · AI score 6.3 · EPSS 0.00745
Exploits 0 · References 5
Positive Technologies
added 2023/03/31 12:0 a.m. · 5 views

PT-2023-21870 · Nextcloud · Nextcloud Richdocuments

Name of the Vulnerable Software and Affected Versions: Nextcloud richdocuments versions prior to 6.3.2; Nextcloud richdocuments versions prior to 7.0.2; Nextcloud richdocuments versions prior to 8.0.0-beta.1 Description: The secure view feature of the rich documents app can be bypassed by using an...

CVSS 6.5 · AI score 6.2 · EPSS 0.00745
Exploits 0 · References 7
Exploit DB
added 2023/03/28 12:0 a.m. · 266 views

BoxBilling <= 4.22.1.5 - Remote Code Execution (RCE)

Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...

CVSS 7.2 · AI score 7 · EPSS 0.44002
Exploits 7
0day.today
added 2023/03/28 12:0 a.m. · 302 views

BoxBilling <= 4.22.1.5 - Remote Code Execution Vulnerability

Exploit Title: BoxBilling POC Video : https://drive.google.com/file/d/1m2glCeJ9QXc8epuY2QfvbWwjLTJ8Hjx/view?usp=sharing...

CVSS 7.2 · AI score 7 · EPSS 0.44002
Exploits 7
Vulnrichment
added 2023/03/27 12:0 a.m. · 6 views

CVE-2023-28883

In Cerebrate 1.13, a blind SQL injection exists in the searchAll API endpoint...

AI score 9.9 · EPSS 0.00701
Exploits 0 · References 2
Positive Technologies
added 2023/03/22 12:0 a.m. · 3 views

PT-2023-17078 · Unknown · Mattermost

Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to learn the full name of a board owner due to Mattermost failing to check the "Show Full Name" setting when rendering the result for the...

CVSS 4.3 · AI score 4.4 · EPSS 0.00464
Exploits 0 · References 5
GithubExploit
added 2023/03/18 4:20 p.m. · 881 views

Exploit for Missing Authentication for Critical Function in Veeam Veeam_Backup_&_Replication

CVE-2023-27532 POC for CVE-2023-27532 affecting Veeam Backup a...

CVSS 7.5 · AI score 8.8 · EPSS 0.7761
Exploits 4
Vulnrichment
added 2023/03/07 12:0 a.m. · 11 views

CVE-2023-25223

CRMEB =1.3.4 is vulnerable to SQL Injection via /api/admin/user/list...

AI score 8.4 · EPSS 0.00755
Exploits 1 · References 1