CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2018/01/18 12:0 a.m.•1 views

ZUUSE BEIMS ContractorWeb .NET Cross-Site Request Forgery Vulnerability

ZUUSE BEIMS ContractorWeb .NET is a suite of infrastructure management software from ZUUSE Australia. A cross-site request forgery vulnerability exists in the /CWEBNET/ authenticated page in ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0. A remote attacker could exploit this vulnerability to...

8.8CVSS6.8AI score0.00511EPSS

Prion•added 2018/01/15 9:29 p.m.•18 views

Cross site request forgery (csrf)

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 is vulnerable to Cross-Site Request Forgery CSRF on /CWEBNET/ authenticated pages. A successful CSRF attack can force the user to modify state: creating users, changing an email address, and so forth. If the victim is an administrative account, CSRF can...

6.8CVSS8.7AI score0.00511EPSS

OSV•added 2018/01/15 9:29 p.m.•2 views

CVE-2018-5329

8.8CVSS5.8AI score0.00511EPSS

NVD•added 2018/01/15 9:29 p.m.•19 views

CVE-2018-5328

ZUUSE BEIMS ContractorWeb .NET 5.18.0.0 allows access to various /UserManagement/ privileged modules without authenticating the user; an attacker can misuse these functionalities to perform unauthorized actions, as demonstrated by Edit User Details...

9.8CVSS9.3AI score0.01314EPSS

NVD•added 2018/01/15 9:29 p.m.•18 views

CVE-2018-5329

8.8CVSS8.8AI score0.00511EPSS

Prion•added 2018/01/15 9:29 p.m.•14 views

Code injection

7.5CVSS9.2AI score0.01314EPSS

Cvelist•added 2018/01/15 9:0 p.m.•17 views

CVE-2018-5328

9.3AI score0.01314EPSS

Cvelist•added 2018/01/15 9:0 p.m.•27 views

CVE-2018-5329

8.8AI score0.00511EPSS

CVE•added 2018/01/15 9:0 p.m.•41 views

CVE-2018-5328

CVE-2018-5328 affects ZUUSE BEIMS ContractorWeb .NET 5.18.0.0. The vulnerability allows access to multiple /UserManagement/ privileged modules without user authentication, enabling an attacker to perform unauthorized actions (demonstrated by editing user details). The root cause is insufficient a...

9.8CVSS9.1AI score0.01314EPSS

CVE•added 2018/01/15 9:0 p.m.•41 views

CVE-2018-5329

CVE-2018-5329 concerns ZUUSE BEIMS ContractorWeb .NET 5.18.0.0, with a CSRF vulnerability on authenticated “/CWEBNET/” pages. The root cause is cross-site request forgery that can force state-changing actions such as creating users or changing an email, potentially compromising the web applicatio...

8.8CVSS8.7AI score0.00511EPSS

0day.today•added 2017/12/20 12:0 a.m.•53 views

BEIMS ContractorWeb 5.18.0.0 - SQL Injection Vulnerability

Exploit for windows platform in category web applications Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0...

7.5CVSS0.1AI score0.03596EPSS

exploitpack•added 2017/12/20 12:0 a.m.•30 views

BEIMS ContractorWeb 5.18.0.0 - SQL Injection

BEIMS ContractorWeb 5.18.0.0 - SQL Injection Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE :...

7.5CVSS0.3AI score0.03596EPSS

CNVD•added 2017/12/20 12:0 a.m.•1 views

ZUUSE BEIMS ContractorWeb .NET SQL Injection Vulnerability

ZUUSE BEIMS ContractorWeb .NET is a suite of infrastructure management software from ZUUSE Australia. A SQL injection vulnerability exists in CWEBNET/WOSummary/List in ZUUSE BEIMS ContractorWeb .NET version 5.18.0.0. A remote attacker could exploit this vulnerability to compromise a database or...

9.8CVSS8AI score0.03596EPSS

Exploits4References1

Packet Storm•added 2017/12/20 12:0 a.m.•47 views

BEIMS ContractorWeb 5.18.0.0 SQL Injection

Exploit Title: SQL Injection Date: 18 December, 2017 Exploit Author: Rajwinder Singh Vendor Homepage: http://www.beims.com/products/ Software Link: http://www.beims.com/optional-modules/ccw Version: BEIMS ContractorWeb .NET System 5.18.0.0 CVE : 2017-17721 Vulnerability Details:...

0.2AI score0.03596EPSS

Exploit DB•added 2017/12/20 12:0 a.m.•66 views

BEIMS ContractorWeb 5.18.0.0 - SQL Injection

9.8CVSS9.7AI score0.03596EPSS