Lucene search
K

101 matches found

CVE
CVE
added 2024/05/15 2:53 a.m.27 views

CVE-2024-4894

The CVE-2024-4894 entry concerns ITPison OMICARD EDM and describes an SSRF flaw caused by improper filtering of specific URL parameters. Unauthenticated remote attackers can modify parameters to trigger Server-Side Request Forgery, enabling probing of internal network information. Connected sourc...

5.3CVSS7AI score0.00454EPSS
Exploits0References2
ICS
ICS
added 2024/02/20 7:0 a.m.84 views

Mitsubishi Electric Electrical discharge machines

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION : Exploitable remotely/low attack complexity Vendor : Mitsubishi Electric Corporation Equipment : Electrical discharge machines Vulnerability : Improper Input Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could...

9.8CVSS9.6AI score0.95454EPSS
Exploits7References8
Openbugbounty
Openbugbounty
added 2024/01/18 8:42 p.m.4 views

edm-art.com Cross Site Scripting vulnerability OBB-3837824

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
NVD
NVD
added 2023/12/15 5:15 a.m.35 views

CVE-2023-48373

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5CVSS0.01314EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 5:15 a.m.5 views

CVE-2023-48372

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

9.8CVSS6AI score0.01062EPSS
Exploits0References1
Prion
Prion
added 2023/12/15 5:15 a.m.22 views

Path traversal

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

5CVSS7.7AI score0.01314EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/12/15 4:27 a.m.54 views

CVE-2023-48373

CVE-2023-48373 concerns ITPison OMICARD EDM, where a path traversal flaw exists in the FileName parameter of a specific function. An unauthenticated remote attacker can exploit this to bypass authentication and download arbitrary system files. Public records tie this to ITPison OMICARD EDM v6.0.1...

7.5CVSS7.8AI score0.01314EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/12/15 4:27 a.m.11 views

CVE-2023-48373 ITPison OMICARD EDM 's SMS - Path Traversal

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5CVSS7.8AI score0.01314EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/12/15 4:27 a.m.30 views

CVE-2023-48373 ITPison OMICARD EDM 's SMS - Path Traversal

ITPison OMICARD EDM has a path traversal vulnerability within its parameter “FileName” in a specific function. An unauthenticated remote attacker can exploit this vulnerability to bypass authentication and download arbitrary system files...

7.5CVSS8AI score0.01314EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 4:18 a.m.40 views

CVE-2023-48372

The CVE-2023-48372 entry pertains to ITPison OMICARD EDM. The SMS-related function has insufficient input validation, enabling an unauthenticated remote attacker to inject arbitrary SQL commands to access, modify, and delete database data. This is described across multiple connected records (NVD/...

9.8CVSS9.9AI score0.01062EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/12/15 4:18 a.m.24 views

CVE-2023-48372 ITPison OMICARD EDM 's SMS - SQL Injection

ITPison OMICARD EDM 's SMS-related function has insufficient validation for user input. An unauthenticated remote attacker can exploit this vulnerability to inject arbitrary SQL commands to access, modify and delete database...

9.8CVSS10AI score0.01062EPSS
Exploits0References1
OSV
OSV
added 2023/12/15 4:15 a.m.5 views

CVE-2023-48371

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8CVSS6AI score
Exploits0References1
NVD
NVD
added 2023/12/15 4:15 a.m.11 views

CVE-2023-48371

ITPison OMICARD EDM’s file uploading function does not restrict upload of file with dangerous type. An unauthenticated remote attacker can exploit this vulnerability to upload and run arbitrary executable files to perform arbitrary system commands or disrupt service...

9.8CVSS0.00961EPSS
Exploits0References1
CVE
CVE
added 2023/12/15 4:11 a.m.45 views

CVE-2023-48371

ITPison OMICARD EDM is affected by CVE-2023-48371 due to a file upload feature that does not restrict dangerous file types. An unauthenticated remote attacker can upload and execute arbitrary executables, enabling arbitrary system commands or disruption of service. Documents reference affected ve...

9.8CVSS9.8AI score0.00961EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.22 views

ITPison OMICARD EDM Security Vulnerability

ITPison OMICARD EDM is a high speed newsletter EDM marketing and distribution system from China ITPison company. A security vulnerability exists in ITPison OMICARD EDM v6.0.1.5, which originates from the file upload feature not restricting the upload of dangerous types of files, and can be...

9.8CVSS7.6AI score0.00961EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/12/15 12:0 a.m.4 views

ITPison OMICARD EDM SQL Injection Vulnerability

ITPison OMICARD EDM is a high-speed newsletter EDM marketing and distribution system from ITPison, China. A SQL injection vulnerability exists in ITPison OMICARD EDM v6.0.1.5, which stems from insufficient validation of user input in SMS related functions, and can be exploited by a remote attacke...

9.8CVSS8.2AI score0.01062EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/16 12:0 a.m.6 views

PT-2023-7872 · Unknown · Itpison Omicard Edm

Name of the Vulnerable Software and Affected Versions: ITPison OMICARD EDM affected versions not specified Description: The file uploading function in ITPison OMICARD EDM does not restrict the upload of files with dangerous types. An unauthenticated remote attacker can exploit this issue to uploa...

9.8CVSS9.7AI score0.00961EPSS
Exploits0References7
OSV
OSV
added 2023/10/27 2:15 p.m.5 views

CVE-2023-5443

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting.This issue affects E-invoice: before 2.1...

7.5CVSS5.8AI score0.00448EPSS
Exploits0References1
NVD
NVD
added 2023/10/27 2:15 p.m.26 views

CVE-2023-5443

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1...

7.5CVSS7.5AI score0.00448EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/10/27 2:15 p.m.6 views

CVE-2023-5443

Improper Protection for Outbound Error Messages and Alert Signals vulnerability in EDM Informatics E-invoice allows Account Footprinting. This issue affects E-invoice: before 2.1...

7.5CVSS7.1AI score0.00448EPSS
Exploits0References3
Rows per page
Query Builder