55 matches found
CVE-2022-38840
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...
Xxe
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...
CVE-2022-38840
cgi-bin/xmlstatus.cgi in Güralp MAN-EAM-0003 3.2.4 is vulnerable to an XML External Entity XXE issue via XML file upload, which leads to local file disclosure...
PT-2023-13658 · Güralp · Güralp Man-Eam-0003
Name of the Vulnerable Software and Affected Versions: Güralp MAN-EAM-0003 version 3.2.4 Description: The issue is related to an XML External Entity XXE problem via XML file upload, which can lead to local file disclosure. This occurs in the cgi-bin/xmlstatus.cgi component. Recommendations: For...
CVE-2022-38840
The Güralp MAN-EAM-0003 3.2.4 system is affected by an XML External Entity (XXE) vulnerability in the cgi-bin/xmlstatus.cgi endpoint. An XML file upload can trigger local file disclosure, enabling an unauthenticated attacker to read files on the seismic monitoring system. A fix is to upgrade to a...
MAN-EAM-0003 代码问题漏洞
Güralp Systems MAN-EAM-0003 is a sensor from Güralp Systems. A security vulnerability exists in MAN-EAM-0003 version V3.2.4 that stems from the presence of an XML External Entity Injection XXE vulnerability...
CVE-2021-27414
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials...
CVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...
CVE-2021-27416
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...
Authentication flaw
An attacker could trick a user of Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 into visiting a malicious website posing as a login page for the Ellipse application and gather authentication credentials...
Session fixation
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...
CVE-2021-27414
CVE-2021-27414 affects Hitachi ABB Power Grids Ellipse EAM (versions up to and including 9.0.25). Described as a user-interface misrepresentation vulnerability enabling a login-page spoof to harvest credentials. CVSS v3 base score 5.5 (AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L) per CISA/ICS context; ve...
CVE-2021-27416 Cross-site scripting in Hitachi ABB Power Grids Ellipse EAM
An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management EAM versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of...
CVE-2021-27416
CVE-2021-27416 affects Hitachi ABB Power Grids Ellipse EAM, prior to and including 9.0.25. The issue is cross-site scripting: an attacker entices a user to click a malicious link, potentially exposing confidential data or hijacking a session. Mitigation per multiple sources: update to Ellipse EAM...
Hitachi ABB Power Grids Ellipse EAM
1. EXECUTIVE SUMMARY CVSS v3 5.5 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Hitachi ABB Power Grids Equipment: Ellipse EAM Vulnerabilities: Cross-site Scripting, User Interface Misrepresentation of Critical Information 2. RISK EVALUATION Successful exploitation of these...
INFOR EAM Cross-Site Scripting Attack Vulnerability
Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. A...
INFOR EAM SQL Injection Vulnerability
Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. An SQL...
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on...
INFOR EAM 11.0 Build 201410 - Persistent Cross-Site Scripting via Comment Fields Vulnerability
Exploit for multiple platform in category web applications Stored XSS in INFOR EAM V11.0 Build 201410 via comment fields ------------------- Assigned CVE: CVE-2017-7953 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to the jobs page 3. Click on a record and open its...
INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection
INFOR EAM 11.0 Build 201410 - filtervalue SQL Injection SQL injection in INFOR EAM V11.0 Build 201410 search fields web/base/.. via filtervalue parameter ------------------- Assigned CVE: CVE-2017-7952 Reproduction steps: ------------------- 1. Log in with your EAM account 2. Go to any page with ...