Lucene search
+L

81 matches found

OSV
OSV
added 2024/10/07 9:15 p.m.5 views

UBUNTU-CVE-2024-43362

Cacti is an open source performance and fault management framework. The fileurl parameter is not properly sanitized when saving external links in links.php . Morever, the said fileurl is placed in some html code which is passed to the print function in link.php and index.php, finally leading to...

7.3CVSS7.2AI score0.3484EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2024/10/07 12:0 a.m.8 views

PT-2024-7358 · Cacti +1 · Cacti +1

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.28 Description: The issue is related to the lack of protection of the web page structure in the Cacti network monitoring tool, specifically in the links.php script. This allows a remote attacker to perform cross-si...

10CVSS6.2AI score0.99826EPSS
Exploits150References184
OSV
OSV
added 2024/01/31 9:15 p.m.8 views

CVE-2024-1117

A vulnerability was found in openBI up to 1.0.8. It has been declared as critical. Affected by this vulnerability is the function index of the file /application/index/controller/Screen.php. The manipulation of the argument fileurl leads to code injection. The attack can be launched remotely. The...

9.8CVSS5.5AI score0.00743EPSS
Exploits0References3
OSV
OSV
added 2024/01/31 8:15 p.m.7 views

CVE-2024-1114

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. T...

9.8CVSS5.4AI score0.00856EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/01/31 7:31 p.m.31 views

CVE-2024-1114 openBI Screen.php dlfile access control

A vulnerability has been found in openBI up to 1.0.8 and classified as critical. This vulnerability affects the function dlfile of the file /application/index/controller/Screen.php. The manipulation of the argument fileUrl leads to improper access controls. The attack can be initiated remotely. T...

6.5CVSS9.8AI score0.00856EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.7 views

PT-2024-16784 · Openbi · Openbi

Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue has been found, affecting the dlfile function of the file /application/index/controller/Screen.php. The manipulation of the fileUrl argument leads to improper access controls. The atta...

9.8CVSS6.6AI score0.00856EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2024/01/31 12:0 a.m.5 views

PT-2024-16797 · Openbi · Openbi

Name of the Vulnerable Software and Affected Versions: openBI versions up to 1.0.8 Description: A critical issue has been found in the function index of the file /application/index/controller/Screen.php. The manipulation of the fileurl argument leads to code injection. This issue can be exploited...

9.8CVSS7.7AI score0.00743EPSS
Exploits0References10
OSV
OSV
added 2023/06/06 11:15 a.m.6 views

CVE-2023-3121

A vulnerability has been found in Dahua Smart Parking Management up to 20230528 and classified as problematic. This vulnerability affects unknown code of the file /ipms/imageConvert/image. The manipulation of the argument fileUrl leads to server-side request forgery. The exploit has been disclose...

4.6CVSS4.7AI score0.00461EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/06 12:0 a.m.7 views

Dahua Smart Parking Management 代码问题漏洞

Dahua Smart Parking Management is a parking solution from Dahua, China. A code issue vulnerability exists in Dahua Smart Parking Management 20230528 and prior versions, which stems from an issue with unknown code in the file /ipms/imageConvert/image, where manipulation of the parameter fileUrl ca...

4.6CVSS5AI score0.00461EPSS
Exploits1References4
NVD
NVD
added 2022/05/15 5:15 p.m.26 views

CVE-2022-30049

A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...

7.5CVSS0.00988EPSS
Exploits1References1
Prion
Prion
added 2022/05/15 5:15 p.m.21 views

Server side request forgery (ssrf)

A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...

5CVSS7.4AI score0.00988EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/05/15 5:15 p.m.5 views

CVE-2022-30049

A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...

7.5CVSS5.9AI score0.00988EPSS
Exploits1References2
Cvelist
Cvelist
added 2022/05/15 4:17 p.m.33 views

CVE-2022-30049

A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...

7.6AI score0.00988EPSS
Exploits1References1
OSV
OSV
added 2022/05/15 4:17 p.m.19 views

CVE-2022-30049

A Server-Side Request Forgery SSRF in Rebuild v2.8.3 allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter...

7.5CVSS6.6AI score0.00988EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/05/15 12:0 a.m.4 views

Rebuild 代码问题漏洞

Rebuild is a highly customizable enterprise management system. A security vulnerability exists in Rebuild version 2.8.3. An attacker can use this vulnerability to obtain a real IP address via the fileurl parameter and scan for Intranet information...

7.5CVSS7.4AI score0.00988EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/05/15 12:0 a.m.8 views

PT-2022-19985 · Rebuild · Rebuild

Name of the Vulnerable Software and Affected Versions: Rebuild version 2.8.3 Description: A Server-Side Request Forgery SSRF issue allows attackers to obtain the real IP address and scan Intranet information via the fileurl parameter. This enables attackers to access internal network details...

7.5CVSS7.4AI score0.00988EPSS
Exploits1References4
CNVD
CNVD
added 2021/06/17 12:0 a.m.9 views

bloofoxCMS path traversal vulnerability (CNVD-2021-41076)

bloofoxCMS is a free open source PHP + MySQL based Web content management system . A path traversal vulnerability exists in the fileurl parameter in bloofoxCMS version 0.5.2.1. An attacker can exploit this vulnerability to read local files...

4CVSS6.4AI score0.00975EPSS
Exploits1References1
OSV
OSV
added 2021/06/16 4:15 p.m.13 views

CVE-2020-35762

bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...

2.7CVSS6.5AI score
Exploits0References1
Prion
Prion
added 2021/06/16 4:15 p.m.17 views

Path traversal

bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...

4CVSS3.8AI score0.00975EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2021/06/16 3:52 p.m.17 views

CVE-2020-35762

bloofoxCMS 0.5.2.1 is infected with Path traversal in the 'fileurl' parameter that allows attackers to read local files...

3.6AI score0.00975EPSS
Exploits1References1
Rows per page
Query Builder