Ivanti Endpoint Manager DBDR SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the DBDR class. The issue results from the lack of proper...

Ivanti Endpoint Manager PatchHistory SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the PatchHistory class. The issue results from the lack of proper validation of a...

Ivanti Endpoint Manager MP_VistaReport SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPVistaReport class. The issue results from the lack of proper validation of a...

Ivanti Endpoint Manager GetFilePath Directory Traversal Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetFilePath method. The issue results from the lack of...

Ivanti Endpoint Manager serverStorage SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the serverStorage class. The issue results from the lack of proper validation of a...

Ivanti Endpoint Manager GetCountForQuery SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the GetCountForQuery method. The issue results from the lack o...

Ivanti Endpoint Manager Report_Run SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ReportRun class. The issue results from the lack of proper validation of a...

Ivanti Endpoint Manager MP_QueryDetail2 SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPQueryDetail2 class. The issue results from the lack of proper validation of a...

Ivanti Endpoint Manager ROI SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the ROI class. The issue results from the lack of proper validation of a user-suppli...

Ivanti Endpoint Manager MP_QueryDetail SQL Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ivanti Endpoint Manager. Authentication is required to exploit this vulnerability. The specific flaw exists within the MPQueryDetail class. The issue results from the lack of proper validation of a...

Centreon updateContactHostCommands_MC SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactHostCommandsMC function. The issue results from the lack of proper validation of a...

Centreon updateContactServiceCommands_MC SQL Injection Privilege Escalation Vulnerability

This vulnerability allows remote attackers to escalate privileges on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateContactServiceCommandsMC function. The issue results from the lack of proper validation of a...

Linux Kernel ksmbd Session Race Condition Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Linux Kernel. Authentication is required to exploit this vulnerability. However, only systems with ksmbd enabled are vulnerable. The specific flaw exists within the implementation of session setup an...

CVE-2022-30360

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS AKA Persistent or Type II vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required...

CVE-2022-30359

OvalEdge 5.2.8.0 and earlier is affected by a Sensitive Data Exposure vulnerability via a GET request to /user/getUserList. Authentication is required. The information disclosed is associated with the all registered users, including user ID, status, email address, roles, user type, license type,...

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

CVE-2022-30357

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...

CVE-2022-30358

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required...

CVE-2022-30360

OvalEdge 5.2.8.0 and earlier is affected by multiple Stored XSS AKA Persistent or Type II vulnerabilities via a POST request to /profile/updateProfile via the slackid or phone parameters. Authentication is required...

CVE-2022-30355

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required...