Lucene search
+L

151 matches found

prion
prion
added 2024/03/12 4:15 p.m.17 views

Design/Logic Flaw

Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...

4CVSS6.8AI score0.01041EPSS
Exploits0References1
prion
prion
added 2024/03/12 4:15 p.m.20 views

Sql injection

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...

7.5CVSS7.7AI score0.02165EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/03/12 3:31 p.m.14 views

CVE-2024-1304 Multiple Vulnerabilities in Badger Meter's Monitool

Cross-site scripting vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows a remote attacker to send a specially crafted javascript payload to an authenticated user and partially hijack their browser session...

6.3CVSS6.6AI score0.00669EPSS
Exploits0References1
cve
cve
added 2024/03/12 3:31 p.m.64 views

CVE-2024-1304

CVE-2024-1304 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability is a cross-site scripting issue allowing a remote attacker to deliver a crafted JavaScript payload to an authenticated user, potentially hijacking the user’s browser session (partial impact on integrity...

6.3CVSS6AI score0.00669EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2024/03/12 3:28 p.m.13 views

CVE-2024-1303 Multiple Vulnerabilities in Badger Meter's Monitool

Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...

6.5CVSS6.6AI score0.01041EPSS
Exploits0References1
cvelist
cvelist
added 2024/03/12 3:28 p.m.24 views

CVE-2024-1303 Multiple Vulnerabilities in Badger Meter's Monitool

Incorrectly limiting the path to a restricted directory vulnerability in Badger Meter Monitool that affects versions up to 4.6.3 and earlier. This vulnerability allows an authenticated attacker to retrieve any file from the device using the download-file functionality...

6.5CVSS6.5AI score0.01041EPSS
Exploits0References1
cve
cve
added 2024/03/12 3:28 p.m.63 views

CVE-2024-1303

CVE-2024-1303 affects Badger Meter Monitool prior to 4.6.3. The root cause is an incorrect restriction that allows path traversal in the download-file function, enabling an authenticated attacker to retrieve arbitrary files from the device. Affected component: Monitool on compatible Badger Meter ...

6.5CVSS6.2AI score0.01041EPSS
Exploits0References1Affected Software1
cve
cve
added 2024/03/12 3:26 p.m.84 views

CVE-2024-1302

CVE-2024-1302 affects Badger Meter Monitool up to version 4.6.3 and earlier. The vulnerability allows a local attacker to manipulate the application’s file parameter to point to a log file, leading to exposure of sensitive data such as database credentials. Documents consistently describe an info...

7.3CVSS6.8AI score0.00488EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2024/03/12 3:26 p.m.22 views

CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...

7.3CVSS6.2AI score0.00488EPSS
Exploits0References1
cvelist
cvelist
added 2024/03/12 3:26 p.m.31 views

CVE-2024-1302 Multiple Vulnerabilities in Badger Meter's Monitool

Information exposure vulnerability in Badger Meter Monitool affecting versions up to 4.6.3 and earlier. A local attacker could change the application's file parameter to a log file obtaining all sensitive information such as database credentials...

7.3CVSS7AI score0.00488EPSS
Exploits0References1
cve
cve
added 2024/03/12 3:24 p.m.63 views

CVE-2024-1301

CVE-2024-1301 describes an SQL injection in Badger Meter Monitool affecting versions 4.6.3 and earlier. The vulnerability arises from allowably crafting input sent to the server via the j_username parameter, enabling a remote attacker to retrieve information stored in the database. Multiple conne...

9.8CVSS9.6AI score0.02165EPSS
Exploits0References1Affected Software1
cvelist
cvelist
added 2024/03/12 3:24 p.m.31 views

CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...

9.8CVSS9.7AI score0.02165EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/03/12 3:24 p.m.24 views

CVE-2024-1301 Multiple Vulnerabilities in Badger Meter's Monitool

SQL injection vulnerability in Badger Meter Monitool affecting versions 4.6.3 and earlier. A remote attacker could send a specially crafted SQL query to the server via the jusername parameter and retrieve the information stored in the database...

9.8CVSS9.5AI score0.02165EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/03/12 12:0 a.m.5 views

PT-2024-17887 · Badger Meter · Badger Meter Monitool

Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions prior to 4.6.3 Description: The issue allows an authenticated attacker to retrieve any file from the device using the download-file functionality due to incorrectly limiting the path to a restricted directory...

6.5CVSS7.1AI score0.01041EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/03/12 12:0 a.m.8 views

PT-2024-17878 · Badger Meter · Badger Meter Monitool

Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions up to 4.6.3 and earlier Description: The issue allows a local attacker to change the application's file parameter to a log file, obtaining sensitive information such as database credentials. Recommendations: For...

7.3CVSS6.6AI score0.00488EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/03/12 12:0 a.m.7 views

PT-2024-17869 · Badger Meter · Badger Meter Monitool

Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions 4.6.3 and earlier Description: A remote attacker could send a specially crafted SQL query to the server via the j username parameter and retrieve the information stored in the database. This issue allows an...

9.8CVSS7.7AI score0.02165EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2024/03/12 12:0 a.m.11 views

PT-2024-17897 · Badger Meter · Monitool

Name of the Vulnerable Software and Affected Versions: Badger Meter Monitool versions up to 4.6.3 and earlier Description: The issue is a cross-site scripting vulnerability that allows a remote attacker to send a specially crafted javascript payload to an authenticated user, potentially hijacking...

6.3CVSS6.4AI score0.00669EPSS
Exploits0References5
vulnersosv
vulnersosv
added 2024/01/19 4:19 p.m.5 views

ape-dasy (=0.1.0), ape-safe (=0.6.0) +21 more potentially affected by CVE-2024-22419 via vyper (>=0.3.0 <=0.3.9)

vyper PYPI version =0.3.0, =0.7.1, =0.5.0, =0.5.0, =0.2.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.17.0, =0.0.0, =2.1.6, =2.1.22 and more Source cves: CVE-2024-22419 Source advisory: OSV:GHSA-2Q8V-3GQQ-4F8P...

9.8CVSS7.2AI score0.0077EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/08/09 2:27 p.m.5 views

avotes-parser-cli (>=0.0.0 <=0.4.3), avotes-parser-core (>=0.0.0 <=0.4.3) +5 more potentially affected by CVE-2023-39363 via vyper (>=0.2.15 <=0.3.0)

vyper PYPI version =0.2.15, =0.0.0, =0.0.0, =0.4.3, =1.15.1, =0.2.1, =2.0.36, =2.1.22 Source cves: CVE-2023-39363 Source advisory: OSV:GHSA-5824-CM3X-3C38...

9.1CVSS6.2AI score0.00706EPSS
Exploits1
vulnersosv
vulnersosv
added 2023/05/11 9:15 p.m.11 views

2vyper (=0.3.0), ape-safe (=0.6.0) +27 more potentially affected by CVE-2023-31146 via vyper (>=0.1.0b12 <=0.3.7)

vyper PYPI version =0.1.0b12, =0.7.1, =0.1.0, =0.0.0, =0.0.0, =0.0.5, =0.1.0, =0.1.0, =0.7.2, =0.1.10.0, =1.0.1, =0.1.0, =1.4.0, =0.2.1, =0.3.5 and more Source cves: CVE-2023-31146 Source advisory: OSV:PYSEC-2023-77...

9.1CVSS7.2AI score0.01241EPSS
Exploits1
Rows per page
Query Builder