50 matches found
CVE-2024-55062
Code Injection vulnerability in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary code to /api/license/sendlicense/...
CVE-2024-57587
Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...
PT-2025-3478 · Easyvirt · Easyvirt Dcscope +1
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote unauthenticated attackers to execute arbitrary SQL commands. This can be achieved via the username or password...
CVE-2024-57587
Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote unauthenticated attackers to execute arbitrary SQL commands via the 1 username or 2 password parameter to /api/auth/login...
CVE-2024-53354
Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.0 and CO2Scope = 1.3.0 allows remote authenticated attackers to execute arbitrary SQL commands via the 1 user parameter to /api/management/findfilterlist; the 2 user or 3 filter parameter to /api/audit/findmetawatcher; the 4 user...
CVE-2024-53357
Summary of CVE-2024-53357 : The affected products are EasyVirt DCScope (<= 8.6.0) and EasyVirt CO2Scope (
CVE-2024-53355
CVE-2024-53355 affects EasyVirt DCScope (versions 8.6.0 and earlier) and EasyVirt CO2Scope (versions 1.3.0 and earlier). The issue is improper access control in the user API surface, enabling remote authenticated attackers with low privileges to perform admin-like actions via multiple endpoints: ...
CVE-2024-55062
CVE-2024-55062 affects EasyVirt DCScope and EasyVirt CO2Scope. The vulnerability is a code injection flaw in the vulnerable API endpoint /api/license/sendlicense/, allowing remote unauthenticated attackers to execute arbitrary code. Reported versions: DCScope ≤ 8.6.0 and CO2Scope ≤ 1.3.0. The ava...
CVE-2024-53354
Multiple SQL injection vulnerabilities affect EasyVirt DCScope <= 8.6.0 and EasyVirt CO2Scope <= 1.3.0. An authenticated remote attacker can alter SQL via numerous parameters across API endpoints, including user/filters in endpoints such as /api/management/findfilterlist, /api/audit/findmet...
PT-2025-2960 · Easyvirt · Easyvirt Dcscope
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier CO2Scope versions 1.3.0 and earlier Description: The issue allows remote attackers to generate JSON Web Tokens JWTs for privilege escalation due to a weak JWT secret. The HMAC secret used for...