Lucene search
K

87 matches found

Positive Technologies
Positive Technologies
added 2024/09/24 12:0 a.m.4 views

PT-2024-12111 · Unknown · Cs-Cart Multivendor

Name of the Vulnerable Software and Affected Versions: CS-Cart MultiVendor version 4.16.1 Description: The issue allows remote attackers to run arbitrary code via the File Manager/Editor component in the vendor or admin menu. This is a result of a File Upload vulnerability. Recommendations: For...

8.8CVSS7.3AI score0.00684EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/08/31 12:0 a.m.7 views

PT-2024-31262 · Unknown · Online Complaint Site

Name of the Vulnerable Software and Affected Versions: Online Complaint Site version 1.0 Description: The issue allows a remote attacker to escalate privileges via the username and password parameters in the "/admin.index.php" API endpoint. Recommendations: For Online Complaint Site version 1.0,...

9.8CVSS7.3AI score0.01162EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/21 12:0 a.m.4 views

PT-2024-30257 · Unknown · Tosei Online Store Management System

Name of the Vulnerable Software and Affected Versions: TOSEI online store management system versions v4.02 through v4.04 Description: An issue in the downloader.php component allows attackers to execute a directory traversal. Recommendations: For versions v4.02 through v4.04, consider disabling t...

7.5CVSS7.2AI score0.00904EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/08/15 12:0 a.m.4 views

PT-2024-30107 · Xxl-Job · Xxl-Job

Name of the Vulnerable Software and Affected Versions: xxl-job version 2.4.1 Description: The issue allows a remote attacker to execute arbitrary code via the Sub-Task ID component due to insecure permissions. Recommendations: For xxl-job version 2.4.1, consider disabling the Sub-Task ID componen...

8.8CVSS8.6AI score0.00886EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2024/08/06 12:0 a.m.5 views

PT-2024-22552 · Koha Ils · Koha Ils

Name of the Vulnerable Software and Affected Versions: Koha ILS versions 23.05 and earlier Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the additonal-contents.pl component. Recommendations: For versions 23.05 and earlier, consider disabling acces...

9.6CVSS7.7AI score0.00673EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.4 views

PT-2024-28911 · Publiccms · Publiccms

Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue concerns an arbitrary file upload vulnerability in the /admin/cmsWebFile/save component, allowing attackers to execute arbitrary code by uploading a crafted file. Recommendations: For...

8.8CVSS7.8AI score0.00721EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/06/20 12:0 a.m.3 views

PT-2024-37440 · Unknown · Ez-Suite Ez-Partner

Name of the Vulnerable Software and Affected Versions: EZ-Suite EZ-Partner version 5 Description: A vulnerability has been found in the Forgot Password Handler component, leading to basic cross site scripting. The manipulation can be launched remotely. The vendor was contacted about this disclosu...

6.9CVSS6.2AI score0.00415EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.4 views

PT-2024-27110 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: The issue is a Cross-Site Request Forgery CSRF that affects the component "/admin/idcProType deal.php?mudi=add&nohrefStr=close". This allows for unauthorized requests to be made on behalf of the user...

8.8CVSS7AI score0.00241EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/06/05 12:0 a.m.6 views

PT-2024-27114 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery CSRF issue was discovered in the component "admin/vpsClass deal.php?mudi=del". This issue allows for unauthorized requests to be made on behalf of the user. Recommendations: For...

8.8CVSS6.7AI score0.00289EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/05/22 12:0 a.m.4 views

PT-2024-25161 · Realtek Semiconductor · Realtek High Definition Audio Function Driver

Name of the Vulnerable Software and Affected Versions: Realtekr High Definition Audio Function Driver version 6.0.9549.1 Description: An issue in the component RTKVHD64.sys of Realtek Semiconductor Corp Realtekr High Definition Audio Function Driver allows attackers to escalate privileges and...

7.8CVSS8.1AI score0.00217EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/05/06 12:0 a.m.7 views

PT-2024-25190 · Unknown · Library System

Name of the Vulnerable Software and Affected Versions: Library System version V1.0 Description: An issue in the Library System allows a remote attacker to execute arbitrary code via the FAILE variable in the student edit photo.php component. Recommendations: For Library System version V1.0,...

9.1CVSS7.9AI score0.00746EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/04/30 12:0 a.m.8 views

PT-2024-20077 · Quest · Quest Kace Agent For Windows

Name of the Vulnerable Software and Affected Versions: Quest KACE Agent for Windows versions 12.0.38 through 13.1.23.0 Description: An issue exists in the KSchedulerSvc.exe component, allowing local attackers to delete any file of their choice with NT AuthoritySYSTEM privileges. This is due to an...

7.8CVSS6.9AI score0.00444EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/04/29 12:0 a.m.5 views

PT-2024-25265 · Hisiphp · Hisiphp

Name of the Vulnerable Software and Affected Versions: hisiphp version 2.0.111 Description: An issue in hisiphp allows a remote attacker to execute arbitrary code via a crafted script to the SystemPlugins::mkInfo parameter in the SystemPlugins.php component. Recommendations: For hisiphp version...

9.8CVSS8AI score0.01349EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.4 views

PT-2024-19656 · Unknown · Jgrapht Core

Name of the Vulnerable Software and Affected Versions: JGraphT Core version 1.5.2 Description: A NullPointerException was discovered in JGraphT Core via the component org.jgrapht.alg.util.ToleranceDoubleComparator::compareDouble, Double. However, the existence of this issue is disputed by multipl...

9.1CVSS7AI score0.00769EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2024/04/05 12:0 a.m.7 views

PT-2024-23670 · Derbynet · Derbynet

Name of the Vulnerable Software and Affected Versions: DerbyNet versions 9.0 and below Description: A Cross Site Scripting issue allows a remote attacker to execute arbitrary code via the "render-document.php" component. This enables the attacker to perform unauthorized actions on the affected...

7.4CVSS7.6AI score0.01027EPSS
Exploits2References7
Positive Technologies
Positive Technologies
added 2024/04/01 12:0 a.m.8 views

PT-2024-24026 · Francoisjacquet · Rosariosis

Name of the Vulnerable Software and Affected Versions: francoisjacquet RosarioSIS version 11.5.1 Description: A disputed issue affects the Add Portal Note component, leading to cross-site scripting. The attack can be initiated remotely. The vendor notes that the PDF is opened by the browser app i...

4CVSS6.8AI score0.0047EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/03/26 12:0 a.m.4 views

PT-2024-22961 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was discovered in DedeCMS, specifically via the component /src/dede/makehtml homepage.php, allowing a remote attacker to execute arbitrary code. Recommendations: For...

9.8CVSS7.7AI score0.00571EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/02/20 12:0 a.m.5 views

PT-2024-19579 · Timo · Timo

Name of the Vulnerable Software and Affected Versions: Timo version 2.0.3 Description: The issue allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Recommendations: For Timo version 2.0.3, consider disabling the...

9.8CVSS8.2AI score0.01059EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/02/08 12:0 a.m.4 views

PT-2024-20423 · Unknown · Employee Management System

Name of the Vulnerable Software and Affected Versions: Employee Management System version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the "edit-photo.php" component. This is due to an Unrestricted File Upload vulnerability. Recommendations: For Employee...

8.2AI score
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.7 views

PT-2024-13444 · Imou Go · Imou Go

Name of the Vulnerable Software and Affected Versions: IMOU GO version 1.0.11 Description: An issue in the com.oneed.dvr.service.DownloadFirmwareService component allows attackers to force the download of arbitrary files. Recommendations: For IMOU GO version 1.0.11, consider disabling the...

8.8CVSS8.6AI score0.00292EPSS
Exploits1References6
Rows per page
Query Builder