Lucene search
K

50 matches found

Cvelist
Cvelist
added 2025/01/31 12:0 a.m.12 views

CVE-2024-55062

Code Injection vulnerability in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/...

0.0109EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/31 12:0 a.m.10 views

CVE-2024-57587

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...

0.00561EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.5 views

PT-2025-3478 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote unauthenticated attackers to execute arbitrary SQL commands. This can be achieved via the username or password...

9.1CVSS8.3AI score0.00561EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2025/01/31 12:0 a.m.7 views

CVE-2024-57587

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...

8.5AI score0.00561EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/01/31 12:0 a.m.11 views

CVE-2024-53354

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the 1 user parameter to /api/management/findfilterlist; the 2 user or 3 filter parameter to /api/audit/findmetawatcher; the 4 user...

0.00482EPSS
Exploits1References1
CVE
CVE
added 2025/01/31 12:0 a.m.79 views

CVE-2024-53357

Summary of CVE-2024-53357 : The affected products are EasyVirt DCScope (<= 8.6.0) and EasyVirt CO2Scope (

7.5CVSS7.8AI score0.00493EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2025/01/31 12:0 a.m.100 views

CVE-2024-53355

CVE-2024-53355 affects EasyVirt DCScope (versions 8.6.0 and earlier) and EasyVirt CO2Scope (versions 1.3.0 and earlier). The issue is improper access control in the user API surface, enabling remote authenticated attackers with low privileges to perform admin-like actions via multiple endpoints: ...

8.8CVSS8.4AI score0.0053EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2025/01/31 12:0 a.m.58 views

CVE-2024-55062

CVE-2024-55062 affects EasyVirt DCScope and EasyVirt CO2Scope. The vulnerability is a code injection flaw in the vulnerable API endpoint /api/license/sendlicense/, allowing remote unauthenticated attackers to execute arbitrary code. Reported versions: DCScope ≤ 8.6.0 and CO2Scope ≤ 1.3.0. The ava...

9.8CVSS9.9AI score0.0109EPSS
Exploits1References1Affected Software2
CVE
CVE
added 2025/01/31 12:0 a.m.88 views

CVE-2024-53354

Multiple SQL injection vulnerabilities affect EasyVirt DCScope <= 8.6.0 and EasyVirt CO2Scope <= 1.3.0. An authenticated remote attacker can alter SQL via numerous parameters across API endpoints, including user/filters in endpoints such as /api/management/findfilterlist, /api/audit/findmet...

6.5CVSS7.2AI score0.00482EPSS
Exploits1References1Affected Software2
Positive Technologies
Positive Technologies
added 2025/01/31 12:0 a.m.7 views

PT-2025-2960 · Easyvirt · Easyvirt Dcscope

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier CO2Scope versions 1.3.0 and earlier Description: The issue allows remote attackers to generate JSON Web Tokens JWTs for privilege escalation due to a weak JWT secret. The HMAC secret used for...

9.8CVSS7.3AI score0.00639EPSS
Exploits1References4
Rows per page
Query Builder