46 matches found
ROS-20260603-73-0003
The vulnerability in rubygem-activestorage relates to insufficient checking of the intentions by the recipient of the broadcast message. Exploiting this vulnerability allows a perpetrator to execute arbitrary code...
CVE-2022-45899
Nokia BMC (Broadcast Message Center) Log Scanner, prior to version 13.1, is vulnerable to unauthenticated command injection via shell metacharacters in the Log Scanner Search Pattern field. An attacker can achieve remote code execution as root. The issue is fixed in version 13.1. Affected product...
CVE-2022-45899
Nokia Broadcast Message Center BMC before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field...
CVE-2023-4564
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...
EUVD-2020-30032
Malware in sbrugna...
CVE-2024-37828
A stored cross-site scripting XSS in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module...
CVE-2021-35487
Nokia Broadcast Message Center through 11.1.0 allows an authenticated user to perform a Boolean Blind SQL Injection attack on the endpoint /owui/block/send-receive-updates for the Manage Alerts page via the extIdentifier HTTP POST parameter. This allows an attacker to obtain the database user,...
CVE-2024-37828
A stored cross-site scripting XSS in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module...
PT-2024-27770 · Vermeg · Vermeg Agilereporter
Name of the Vulnerable Software and Affected Versions: Vermeg Agile Reporter version 23.2.1 Description: The issue is a stored cross-site scripting XSS that allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast...
CVE-2024-37828
A stored cross-site scripting XSS in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module...
CVE-2024-37828
A stored cross-site scripting XSS in Vermeg Agile Reporter v23.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Message field under the Set Broadcast Message module...
Line Security Breach
Line is an instant messaging platform from Line Inc. Line suffers from a security vulnerability that stems from an information disclosure issue that allows an attacker to obtain a channel access token and send a carefully crafted broadcast message...
Line Security Breach
Line is an instant messaging platform from Line Inc. Line suffers from a security vulnerability that stems from an information disclosure issue that allows an attacker to obtain a channel access token and send a carefully crafted broadcast message...
Line Security Breach
Line is an instant messaging platform from Line Inc. Line suffers from a security vulnerability that stems from an information disclosure issue that allows an attacker to obtain a channel access token and send a carefully crafted broadcast message...
Line Security Breach
Line is an instant messaging platform from Line Inc. Line suffers from a security vulnerability that stems from an information disclosure issue that allows an attacker to obtain a channel access token and send a carefully crafted broadcast message...
Line Security Breach
Line is an instant messaging platform from Line Inc. Line suffers from a security vulnerability that stems from an information disclosure issue that allows an attacker to obtain a channel access token and send a carefully crafted broadcast message...
Line Security Breach
Line is an instant messaging platform from Line Inc. Line suffers from a security vulnerability that stems from an information disclosure issue that allows an attacker to obtain a channel access token and send a carefully crafted broadcast message...
CVE-2023-39735
The leakage of the client secret in UomasaSaijinews Line 13.6.1 allows attackers to obtain the channel access token and send crafted broadcast messages...
CVE-2023-4564
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...
CVE-2023-4564
This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel...