Lucene search
K

31 matches found

CNNVD
CNNVD
added 2025/02/03 12:0 a.m.4 views

Geovision GV-ASWeb 安全漏洞

Geovision GV-ASWeb is a web-based software from Geovision China that is used to remotely access and configure the GV-ASManager's database. A security vulnerability exists in Geovision GV-ASWeb version 6.1.1.0 and earlier, which stems from the presence of cross-site request forgery CSRF, which...

8.1CVSS8.4AI score0.00344EPSS
Exploits2References2
CVE
CVE
added 2025/02/03 12:0 a.m.102 views

CVE-2024-56903

Geovision GV-ASWeb/GV-ASManager (version 6.1.1.0 or earlier) is affected by CVE-2024-56903, where attackers can abuse a CSRF chain with CVE-2024-56901 to modify POST to GET requests targeting critical functions (e.g., account management) and potentially create admin accounts. The EDB exploit note...

8.1CVSS6.3AI score0.00344EPSS
Exploits2References1
Cvelist
Cvelist
added 2025/02/03 12:0 a.m.16 views

CVE-2024-56902

Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...

0.22168EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2025/02/03 12:0 a.m.7 views

CVE-2024-56901

A Cross-Site Request Forgery CSRF vulnerability in Geovision GV-ASWeb application with the version 6.1.1.0 or less that allows attackers to arbitrarily create Administrator accounts via a crafted GET request method. This vulnerability is used in chain with CVE-2024-56903 for a successful CSRF...

6.6AI score0.01731EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2025/02/03 12:0 a.m.8 views

PT-2025-3344 · Geovision · Geovision Gv-Asweb

Name of the Vulnerable Software and Affected Versions: Geovision GV-ASWeb versions 6.1.0.0 and earlier Description: The issue allows unauthorized attackers with low-level privileges to request information about other accounts via a crafted HTTP request. Recommendations: For Geovision GV-ASWeb...

7.5CVSS7.4AI score0.22168EPSS
Exploits4References7
Cvelist
Cvelist
added 2025/02/03 12:0 a.m.15 views

CVE-2024-56903

Geovision GV-ASWeb with the version 6.1.1.0 or less allows attackers to modify POST request method with the GET against critical functionalities, such as account management. This vulnerability is used in chain with CVE-2024-56901 for a successful CSRF attack...

0.00344EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2025/02/03 12:0 a.m.8 views

CVE-2024-56902

Information disclosure vulnerability in Geovision GV-ASManager web application with the version v6.1.0.0 or less, which discloses account information, including cleartext password...

6.5AI score0.22168EPSS
Exploits4References1
CVE
CVE
added 2025/02/03 12:0 a.m.58 views

CVE-2024-56898

CVE-2024-56898 affects Geovision GV-ASWeb (v6.1.0.0 or earlier). The issue is a broken access control that lets a low-privilege user perform unauthorized actions, including creating, modifying, or deleting accounts, effectively escalating privileges. Public exploit details exist (PoC available at...

8.8CVSS8.2AI score0.02467EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/02/03 12:0 a.m.9 views

CVE-2024-56898

Broken access control vulnerability in Geovision GV-ASWeb with version v6.1.0.0 or less. This vulnerability allows low privilege users perform actions that they aren't authorized to, which can be leveraged to escalate privileges, create, modify or delete accounts...

8.2AI score0.02467EPSS
Exploits1References1
OSV
OSV
added 2024/12/13 11:15 p.m.6 views

CVE-2024-12553

GeoVision GV-ASManager Missing Authorization Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of GeoVision GV-ASManager. Although authentication is required to exploit this vulnerability, default guest...

6.5CVSS5.8AI score0.00584EPSS
Exploits0References1
Openbugbounty
Openbugbounty
added 2018/07/17 7:56 a.m.10 views

asweb-4559-006.dvs.demon.net XSS vulnerability

Open Bug Bounty ID: OBB-648799 Description| Value ---|--- Affected Website:| asweb-4559-006.dvs.demon.net Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...

Exploits0
Rows per page
Query Builder