Lucene search
+L

55 matches found

OSV
OSV
added 2023/04/16 2:15 a.m.5 views

CVE-2022-38840

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...

7.5CVSS5.8AI score0.09803EPSS
Exploits4References2
Prion
Prion
added 2023/04/16 2:15 a.m.17 views

Xxe

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...

5CVSS7.3AI score0.09803EPSS
Exploits4References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/04/16 12:0 a.m.7 views

CVE-2022-38840

cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...

7.4AI score0.09803EPSS
Exploits4References2
Positive Technologies
Positive Technologies
added 2023/04/16 12:0 a.m.6 views

PT-2023-13658 · Güralp · Güralp Man-Eam-0003

Name of the Vulnerable Software and Affected Versions: Güralp MAN-EAM-0003 version 3.2.4 Description: The issue is related to an XML External Entity XXE problem via XML file upload, which can lead to local file disclosure. This occurs in the cgi-bin/xmlstatus.cgi component. Recommendations: For...

7.5CVSS7.2AI score0.09803EPSS
Exploits4References6
CVE
CVE
added 2023/04/16 12:0 a.m.51 views

CVE-2022-38840

The Güralp MAN-EAM-0003 3.2.4 system is affected by an XML External Entity (XXE) vulnerability in the cgi-bin/xmlstatus.cgi endpoint. An XML file upload can trigger local file disclosure, enabling an unauthenticated attacker to read files on the seismic monitoring system. A fix is to upgrade to a...

7.5CVSS7.3AI score0.09803EPSS
In wildExploits4References2Affected Software1
CNNVD
CNNVD
added 2023/03/23 12:0 a.m.6 views

MAN-EAM-0003 代码问题漏洞

Güralp Systems MAN-EAM-0003 is a sensor from Güralp Systems. A security vulnerability exists in MAN-EAM-0003 version V3.2.4 that stems from the presence of an XML External Entity Injection XXE vulnerability...

7.5CVSS7.3AI score0.09803EPSS
Exploits4References4
NVD
NVD
added 2022/03/11 6:15 p.m.33 views

CVE-2021-27414

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials...

6.1CVSS0.00564EPSS
Exploits0References2
OSV
OSV
added 2022/03/11 6:15 p.m.6 views

CVE-2021-27416

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...

5.4CVSS5.8AI score0.00612EPSS
Exploits0References2
NVD
NVD
added 2022/03/11 6:15 p.m.29 views

CVE-2021-27416

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...

5.8CVSS0.00612EPSS
Exploits0References2
Prion
Prion
added 2022/03/11 6:15 p.m.24 views

Authentication flaw

An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials...

4.3CVSS6.3AI score0.00564EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/03/11 6:15 p.m.17 views

Session fixation

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...

5.8CVSS5.6AI score0.00612EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/03/11 5:54 p.m.100 views

CVE-2021-27414

CVE-2021-27414 affects Hitachi ABB Power Grids Ellipse EAM (versions up to and including 9.0.25). Described as a user-interface misrepresentation vulnerability enabling a login-page spoof to harvest credentials. CVSS v3 base score 5.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) per CISA/ICS context; ve...

6.1CVSS6AI score0.00564EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/03/11 5:53 p.m.43 views

CVE-2021-27416 Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM

An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...

5.5CVSS5.7AI score0.00612EPSS
Exploits0References2
CVE
CVE
added 2022/03/11 5:53 p.m.107 views

CVE-2021-27416

CVE-2021-27416 affects Hitachi ABB Power Grids Ellipse EAM, prior to and including 9.0.25. The issue is cross-site scripting: an attacker entices a user to click a malicious link, potentially exposing confidential data or hijacking a session. Mitigation per multiple sources: update to Ellipse EAM...

5.8CVSS5.6AI score0.00612EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2021/03/02 12:0 a.m.91 views

Hitachi ABB Power Grids Ellipse EAM

1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: Ellipse EAM Vulnerabilities: Cross-site Scripting, User Interface Misrepresentation of Critical Information 2. RISK EVALUATION Successful exploitation of these...

6.1CVSS6.2AI score0.00612EPSS
Exploits0References5
CNVD
CNVD
added 2017/05/24 12:0 a.m.4 views

INFOR EAM Cross-Site Scripting Attack Vulnerability

Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. A...

5.4CVSS6.4AI score0.00954EPSS
Exploits5References1
CNVD
CNVD
added 2017/05/24 12:0 a.m.6 views

INFOR EAM SQL Injection Vulnerability

Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. An SQL...

8.8CVSS7.6AI score0.01443EPSS
Exploits5References1
exploitpack
exploitpack
added 2017/05/17 12:0 a.m.31 views

INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields

INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on...

3.5CVSS0.2AI score0.00954EPSS
Exploits5
0day.today
0day.today
added 2017/05/17 12:0 a.m.35 views

INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields Vulnerability

Exploit for multiple platform in category web applications Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its...

3.5CVSS5.9AI score0.00954EPSS
Exploits5
exploitpack
exploitpack
added 2017/05/17 12:0 a.m.55 views

INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection

INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection SQL injection in INFOR EAM V11.0 Build 201410 search fields web/base/.. via filtervalue parameter ------------------- Assigned CVE: CVE-2017-7952 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to any page with ...

6.5CVSS0.1AI score0.01443EPSS
Exploits5
Rows per page
Query Builder