
83 matches found

Vulnrichment
added 2022/04/28 2:55 p.m., 4 views

CVE-2021-43939 Elcomplus SmartPtt Improper Authorization

Elcomplus SmartPTT is vulnerable when a low-authenticated user can access higher level administration authorization by issuing requests directly to the desired endpoints...

CVSS 8.8, AI score 8.6, EPSS 0.00594
Exploits 0, References 1

Vulnrichment
added 2022/04/28 2:54 p.m., 5 views

CVE-2021-43932 Elcomplus SmartPtt Cross-site Scripting

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...

CVSS 9, AI score 9.1, EPSS 0.00605
Exploits 0, References 1

CVE
added 2022/04/28 2:54 p.m., 101 views

CVE-2021-43932

CVE-2021-43932 affects Elcomplus SmartPTT SCADA Server (notably SmartPTT SCADA Server v1.4) where an attacker can inject JavaScript into a parameter that executes when accessing the dashboard or main page. Root cause: CWE-79 (Cross‑Site Scripting) due to improper input neutralization. Impact per ...

CVSS 9, AI score 7.7, EPSS 0.00605
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/04/28 2:54 p.m., 19 views

CVE-2021-43932 Elcomplus SmartPtt Cross-site Scripting

Elcomplus SmartPTT is vulnerable when an attacker injects JavaScript code into a specific parameter that can be executed upon accessing the dashboard or the main page...

CVSS 9, AI score 9.2, EPSS 0.00605
Exploits 0, References 1

CVE
added 2022/04/28 2:54 p.m., 89 views

CVE-2021-43934

CVE-2021-43934 affects Elcomplus SmartPTT SCADA/SCADA Server (SmartPTT SCADA Server v1.4; SmartPTT) where the backup and restore/upload functionality does not adequately validate uploads, enabling an attacker to upload arbitrary files (Unrestricted Upload of File with Dangerous Type). The CVSS v3...

CVSS 9.8, AI score 9.6, EPSS 0.01096
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/04/28 2:54 p.m., 22 views

CVE-2021-43934 Elcomplus SmartPtt Unrestricted Upload of File with Dangerous Type

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate upload requests, enabling a malicious user to potentially upload arbitrary files...

CVSS 9.8, AI score 9.7, EPSS 0.01096
Exploits 0, References 1

CVE
added 2022/04/28 2:53 p.m., 73 views

CVE-2021-43930

CVE-2021-43930 affects Elcomplus SmartPTT/SmartPTT SCADA Server backup and restore functionality. The root cause is improper validation of download requests in the backup/restore path traversal flow, enabling an attacker to access files outside the intended directory. Exploitation could allow dow...

CVSS 4.9, AI score 5.6, EPSS 0.00969
Exploits 0, References 1, Affected Software 1

Cvelist
added 2022/04/28 2:53 p.m., 25 views

CVE-2021-43930 Elcomplus SmartPtt Path Traversal

Elcomplus SmartPTT is vulnerable as the backup and restore system does not adequately validate download requests, enabling malicious users to perform path traversal attacks and potentially download arbitrary files from the system...

CVSS 4.9, AI score 5.5, EPSS 0.00969
Exploits 0, References 1

BDU FSTEC
added 2022/04/27 12:00 a.m., 5 views

The vulnerability of the Elcomplus SmartPPT SCADA server, related to authentication errors, allows attackers to escalate their privileges.

The vulnerability of the Elcomplus SmartPPT SCADA server is related to authentication errors. Exploiting this vulnerability can allow attackers to increase their privileges...

CVSS 8.8, AI score 7.6, EPSS 0.00594
Exploits 0, References 5, Affected Software 1

BDU FSTEC
added 2022/04/27 12:00 a.m., 5 views

The vulnerability of the Elcomplus SmartPPT SCADA server, related to input validation errors, allows attackers to write arbitrary files to arbitrary locations within the file system.

The vulnerability of the Elcomplus SmartPPT SCADA server is related to input validation errors. Exploiting this vulnerability allows a malicious actor to write arbitrary files to arbitrary locations in the file system using a specially created HTTP request...

CVSS 10, AI score 5.7, EPSS 0.00969
Exploits 0, References 5, Affected Software 1

BDU FSTEC
added 2022/04/27 12:00 a.m., 6 views

The vulnerability of the update loading function of the Elcomplus SmartPPT server allows a hacker to execute arbitrary code.

The vulnerability of the update loading function of the Elcomplus SmartPPT server lies in the ability to download files of a dangerous type without limitation. Exploiting this vulnerability allows an attacker operating remotely to execute arbitrary code...

CVSS 10, AI score 8.1, EPSS 0.01096
Exploits 0, References 5, Affected Software 1

BDU FSTEC
added 2022/04/27 12:00 a.m., 6 views

The vulnerability of the configuration page of the Elcomplus SmartPPT server allows a hacker to inject arbitrary JavaScript code into critical server parameters.

The vulnerability of the configuration page of the Elcomplus SmartPPT server lies in the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary JavaScript code into critical server parameters through a specially...

CVSS 10, AI score 6.5, EPSS 0.00605
Exploits 0, References 5, Affected Software 1

BDU FSTEC
added 2022/04/27 12:00 a.m., 9 views

The vulnerability of the Elcomplus SmartPPT SCADA server, related to information disclosure, allows an intruder to expose the protected information.

The vulnerability of the Elcomplus SmartPPT SCADA server is related to the disclosure of information. Exploiting this vulnerability can allow a malicious actor to disclose the protected information...

CVSS 8.1, AI score 7.7, EPSS 0.01028
Exploits 0, References 5, Affected Software 1

BDU FSTEC
added 2022/04/27 12:00 a.m., 7 views

The vulnerability of the Elcomplus SmartPPT SCADA server, related to insufficient verification of the HTTP request source, allows a hacker to execute a CSRF attack.

The vulnerability of the Elcomplus SmartPPT SCADA server is related to insufficient security checks on the HTTP request source. Exploiting this vulnerability allows a malicious actor to execute a CSRF attack using a specially created web page...

CVSS 8, AI score 7.7, EPSS 0.00344
Exploits 0, References 5, Affected Software 1

CNVD
added 2022/04/21 12:00 a.m., 24 views

Elcomplus SmartPPT Information Disclosure Vulnerability

Elcomplus SmartPPT SCADA Server is an integrated voice and data scheduling software from Elcomplus, Inc. Elcomplus SmartPPT SCADA Server 1.4 is vulnerable to an information disclosure vulnerability that could be exploited by an unauthenticated attacker to request various files from the server...

CVSS 9.8, AI score 2.1, EPSS 0.01028
Exploits 0, References 1

CNVD
added 2022/04/21 12:00 a.m., 23 views

Elcomplus SmartPPT Licensing Issue Vulnerability

Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus, U.S.A. An authorization issue vulnerability exists in Elcomplus SmartPPT, which can be exploited by a low-authentication attacker to access higher-level administrative authorizations by sending a request direct...

CVSS 9, AI score 2.8, EPSS 0.00594
Exploits 0, References 1

CNNVD
added 2022/04/19 12:00 a.m., 2 views

Elcomplus SmartPPT Information Disclosure Vulnerability

Elcomplus SmartPPT SCADA Server is an integrated voice and data scheduling software from Elcomplus, Inc. Elcomplus SmartPPT SCADA Server 1.4 is vulnerable to an information disclosure vulnerability that could be exploited by an unauthenticated attacker to request various files from the server...

CVSS 9.8, AI score 5.6, EPSS 0.01028
Exploits 0, References 4

CNNVD
added 2022/04/19 12:00 a.m., 6 views

Elcomplus SmartPPT Code Issue Vulnerability

Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus USA. A code issue vulnerability exists in Elcomplus SmartPPT that stems from a lack of restriction on the size or number of files that can be uploaded. An attacker could exploit this vulnerability to upload or...

CVSS 9.8, AI score 8.4, EPSS 0.01096
Exploits 0, References 4

CNNVD
added 2022/04/19 12:00 a.m., 5 views

Elcomplus SmartPPT Security Vulnerability

Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus, U.S.A. An authorization issue vulnerability exists in Elcomplus SmartPPT, which can be exploited by a low-authentication attacker to access higher-level administrative authorizations by sending a request direct...

CVSS 9, AI score 5.6, EPSS 0.00594
Exploits 0, References 4

CNNVD
added 2022/04/19 12:00 a.m., 3 views

Elcomplus SmartPPT Path Traversal Vulnerability

Elcomplus SmartPPT is an integrated voice and data scheduling software from Elcomplus USA. A path traversal vulnerability exists in Elcomplus SmartPPT that stems from the software using external input to construct a pathname that should be located in a restricted directory, but it fails to...

CVSS 4.9, AI score 5.4, EPSS 0.00969
Exploits 0, References 4