Lucene search
K

9 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-6685

Malware in sbrugna...

6.1CVSS6.3AI score0.01021EPSS
Exploits0References2
NVD
NVD
added 2019/10/07 12:15 p.m.22 views

CVE-2019-15746

SITOS six Build v6.2.1 allows an attacker to inject arbitrary PHP commands. As a result, an attacker can compromise the running server and execute system commands in the context of the web user...

10CVSS9.6AI score0.01858EPSS
Exploits0References1
NVD
NVD
added 2019/10/07 12:15 p.m.15 views

CVE-2019-15751

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands...

10CVSS9.9AI score0.0447EPSS
Exploits0References1
Prion
Prion
added 2019/10/07 12:15 p.m.16 views

Cross site scripting

A Cross-Site Scripting XSS vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

4.3CVSS5.9AI score0.01021EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2019/10/07 12:15 p.m.17 views

Default credentials

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...

4.3CVSS6.3AI score0.00985EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2019/10/07 11:45 a.m.20 views

CVE-2019-15751

An unrestricted file upload vulnerability in SITOS six Build v6.2.1 allows remote attackers to execute arbitrary code by uploading a SCORM file with an executable extension. This allows an unauthenticated attacker to upload a malicious file containing PHP code to execute operating system commands...

9.9AI score0.0447EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/07 11:42 a.m.25 views

CVE-2019-15750

A Cross-Site Scripting XSS vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter...

5.9AI score0.01021EPSS
Exploits0References1
Cvelist
Cvelist
added 2019/10/07 11:41 a.m.22 views

CVE-2019-15749

SITOS six Build v6.2.1 allows a user to change their password and recovery email address without requiring them to confirm the change with their old password. This would allow an attacker with access to the victim's account e.g., via XSS or an unattended workstation to change that password and...

6.4AI score0.00985EPSS
Exploits0References1
CVE
CVE
added 2019/10/07 11:39 a.m.44 views

CVE-2019-15747

CVE-2019-15747 affects SITOS six Build v6.2.1. A user with the Seminar Coordinator role can escalate to System Administrator due to insufficient server-side access checks, enabling privilege escalation. CVSS data in the records shows a high impact (CVSS‑3.1 base score 8.8) but no exploit details ...

8.8CVSS8.6AI score0.01091EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder