12 matches found
CVE-2025-0586
The a+HRD from aEnrich Technology has an Insecure Deserialization vulnerability, allowing remote attackers with database modification privileges and regular system privileges to perform arbitrary code execution...
CVE-2024-3775
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files...
CVE-2024-3774
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values...
CVE-2024-3775 aEnrich Technology a+HRD - Argument Injection
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files...
CVE-2024-3775
CVE-2024-3775 concerns aEnrich Technology a+HRD, where the file-downloading function via youtube-dl.exe accepts unsafely-constructed user input. The root cause is insufficient input restriction, allowing attackers to pass arbitrary arguments to youtube-dl.exe and potentially cause downloads of pa...
CVE-2024-3775 aEnrich Technology a+HRD - Argument Injection
aEnrich Technology a+HRD's functionality for downloading files using youtube-dl.exe does not properly restrict user input. This allows attackers to pass arbitrary arguments to youtube-dl.exe, leading to the download of partial unauthorized files...
CVE-2024-3774 aEnrich Technology a+HRD - Exposure of Sensitive Data
aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values...
CVE-2023-20852
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ interpreter. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service...
CVE-2023-20853
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service...
CVE-2023-20853
The CVE-2023-20853 entry concerns aDeserialization of Untrusted Data in the aEnrich Technology a+HRD MSMQ asynchronous message processing. An unauthenticated remote attacker could trigger arbitrary command execution and disrupt services via deserialization of untrusted data. Affected component: M...
CVE-2023-20852
CVE-2023-20852 affects aEnrich Technology a+HRD, where Deserialization of Untrusted Data occurs in the MSMQ interpreter. The vulnerability allows an unauthenticated, remote attacker to execute arbitrary system commands, potentially taking arbitrary system operations or disrupting service. The CVS...
CVE-2023-20853 aEnrich a+HRD - Deserialization of Untrusted Data
aEnrich Technology a+HRD has a vulnerability of Deserialization of Untrusted Data within its MSMQ asynchronized message process. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands to perform arbitrary system operation or disrupt service...