Lucene search
+L

58 matches found

CVE
CVE
added 2024/11/12 3:45 p.m.56 views

CVE-2024-43415

CVE-2024-43415 — A SQL injection in the decidim_awesome-module (papertrail/version-model) allows an authenticated admin to manipulate SQL queries in vulnerable versions (0.9.0–0.11.1). This can lead to information disclosure, filesystem read/write, or remote code execution. Root cause: improper n...

9CVSS9.3AI score0.0066EPSS
Exploits0References3
NVD
NVD
added 2024/08/05 8:15 p.m.40 views

CVE-2024-41960

mailcow: dockerized is an open source groupware/email suite based on docker. An authenticated admin user can inject a JavaScript payload into the Relay Hosts configuration. The injected payload is executed whenever the configuration page is viewed, enabling the attacker to execute arbitrary scrip...

4.8CVSS0.00326EPSS
Exploits0References2
Prion
Prion
added 2024/03/14 4:15 a.m.26 views

Remote code execution

This vulnerability allows an already authenticated admin user to create a malicious payload that could be leveraged for remote code execution on the server hosting the PaperCut NG/MF application server...

5.8CVSS7.8AI score0.01411EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/02/14 3:19 a.m.35 views

CVE-2023-24530

SAP BusinessObjects Business Intelligence Platform CMC - versions 420, 430, allows an authenticated admin user to upload malicious code that can be executed by the application over the network. On successful exploitation, attacker can perform operations that may completely compromise the...

8.4CVSS9.4AI score0.00555EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/10 8:59 p.m.5 views

CVE-2022-34451

PowerPath Management Appliance with versions 3.3 & 3.2, 3.1 & 3.0 contains a Stored Cross-site Scripting Vulnerability. An authenticated admin user could potentially exploit this vulnerability, to hijack user sessions or trick a victim application user into unknowingly send arbitrary requests to...

4.8CVSS6.5AI score0.00341EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/02/10 8:56 p.m.14 views

CVE-2022-34450

PowerPath Management Appliance with version 3.3 contains Privilege Escalation vulnerability. An authenticated admin user could potentially exploit this issue and gain unrestricted control/code execution on the system as root...

6.7CVSS7.4AI score0.00419EPSS
Exploits0References1
NVD
NVD
added 2023/02/10 10:15 a.m.23 views

CVE-2022-34452

PowerPath Management Appliance with versions 3.3, 3.2, 3.1 & 3.0 contains sensitive information disclosure vulnerability. An Authenticated admin user can able to exploit the issue and view sensitive information stored in the logs...

2.7CVSS3.3AI score0.00435EPSS
Exploits0References1
NVD
NVD
added 2022/12/05 10:15 p.m.21 views

CVE-2022-45912

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

7.2CVSS0.0114EPSS
Exploits0References1
Prion
Prion
added 2022/12/05 10:15 p.m.26 views

Remote code execution

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

5.8CVSS7.6AI score0.0114EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/05 12:0 a.m.11 views

CVE-2022-45912

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

8AI score0.0114EPSS
Exploits0References1
OSV
OSV
added 2022/12/05 12:0 a.m.13 views

CVE-2022-45912

An issue was discovered in Zimbra Collaboration ZCS 8.8.15 and 9.0. Remote code execution can occur through ClientUploader by an authenticated admin user. An authenticated admin user can upload files through the ClientUploader utility, and traverse to any other directory for remote code execution...

7.2CVSS8AI score0.0114EPSS
Exploits0References3
Prion
Prion
added 2022/05/24 7:15 p.m.19 views

Design/Logic Flaw

ManageEngine AppManager15 Build No:15510 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality...

6.5CVSS6.9AI score0.04745EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/05/24 6:2 p.m.28 views

CVE-2022-23050

ManageEngine AppManager15 Build No:15510 allows an authenticated admin user to upload a DLL file to perform a DLL hijack attack inside the 'working' folder through the 'Upload Files / Binaries' functionality...

7.1AI score0.04745EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/03/30 5:49 p.m.38 views

CVE-2022-28223

Tekon KIO devices through 2022-03-30 allow an authenticated admin user to escalate privileges to root by uploading a malicious Lua plugin...

9.1CVSS9.4AI score0.0104EPSS
Exploits0References1
NVD
NVD
added 2022/03/10 5:47 p.m.16 views

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

7.2CVSS0.02779EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/03/08 2:19 p.m.18 views

CVE-2022-25225

Network Olympus version 1.8.0 allows an authenticated admin user to inject SQL queries in '/api/eventinstance' via the 'sqlparameter' JSON parameter. It is also possible to achieve remote code execution in the default installation PostgreSQL by exploiting this issue...

7.7AI score0.02779EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/03/03 9:57 p.m.30 views

CVE-2022-25220

PeteReport Version 0.5 allows an authenticated admin user to inject persistent JavaScript code inside the markdown descriptions while creating a product, report or finding...

5.4AI score0.00548EPSS
Exploits1References2
Github Security Blog
Github Security Blog
added 2022/02/25 12:1 a.m.27 views

File upload restriction bypass in Zenario CMS

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS3.4AI score0.01459EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2022/02/24 3:15 p.m.22 views

CVE-2022-23043

Zenario CMS 9.2 allows an authenticated admin user to bypass the file upload restriction by creating a new 'File/MIME Types' using the '.phar' extension. Then an attacker can upload a malicious file, intercept the request and change the extension to '.phar' in order to run commands on the server...

7.2CVSS0.01459EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/02/09 10:3 p.m.20 views

CVE-2022-23048

Exponent CMS 2.6.0patch2 allows an authenticated admin user to upload a malicious extension in the format of a ZIP file with a PHP file inside it. After upload it, the PHP file will be placed at "themes/simpletheme/rce.php" from where can be accessed in order to execute commands...

7.3AI score0.02074EPSS
Exploits1References3
Rows per page
Query Builder