884 matches found
CVE-2024-51321
In Zucchetti Ad Hoc Infinity 2.4, an improper check on the mcURL parameter allows an attacker to redirect the victim to an attacker-controlled website after the authentication...
CVE-2024-51319
A local file include vulnerability in the /servlet/Report of Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution by uploading a jsp web/reverse shell through /jsp/zimgupload.jsp...
CVE-2024-51322
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /jsp/home.jsp, /jsp/gsfrfeditorHTML.jsp, /servlet/SPVisualZoom, /jsp/gsmdcontainer.jsp components...
CVE-2024-51320
Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity 2.4 allows an authenticated attacker to achieve Remote Code Execution via the /servlet/gsdmfsavehtmltmp, /servlet/gsdmbtlkopenfile components...
Zucchetti Ad Hoc Infinity Cross-Site Scripting Vulnerability
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A cross-site scripting vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4, which originates from multiple components that allow an authenticated attacker to achieve remote code execution...
Zucchetti Ad Hoc Infinity Cross-Site Scripting Vulnerability
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A cross-site scripting vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4, which originates from cross-site scripting in the /servlet/gsdmfsavehtmltmp and /servlet/gsdmbtlkopenfile components and could lead to remote code...
Zucchetti Ad Hoc Infinity Security Vulnerability
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A security vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4 that stems from improper checking of the mcURL parameter, which could result in a victim being redirected to an attacker-controlled website...
Zucchetti Ad Hoc Infinity Security Vulnerability
Zucchetti Ad Hoc Infinity is an ERP software from Zucchetti. A security vulnerability exists in Zucchetti Ad Hoc Infinity version 2.4 that originates from a local file inclusion in /servlet/Report and could lead to remote code execution...
CVE-2024-51321
CVE-2024-51321 affects Zucchetti Ad Hoc Infinity 2.4. The root cause is an improper check on the m_cURL parameter, which can allow an attacker to redirect an authenticated victim to an attacker-controlled website. Affected component: the authentication flow handling m_cURL in Zucchetti Ad Hoc Inf...
CVE-2024-51320
CVE-2024-51320 affects Zucchetti Ad Hoc Infinity 2.4. It is a cross-site scripting vulnerability that, when exploited by an authenticated attacker, can lead to Remote Code Execution via the endpoints /servlet/gsdm_fsave_htmltmp and /servlet/gsdm_btlk_openfile. The provided connected documents co...
PT-2025-10777 · Zucchetti · Zucchetti Ad Hoc Infinity
Name of the Vulnerable Software and Affected Versions: Zucchetti Ad Hoc Infinity version 2.4 Description: A Cross Site Scripting vulnerability in Zucchetti Ad Hoc Infinity allows an authenticated attacker to achieve Remote Code Execution via the "/jsp/home.jsp", "/jsp/gsfr_feditorHTML.jsp",...
CVE-2024-51322
CVE-2024-51322 affects Zucchetti Ad Hoc Infinity 2.4. An authenticated attacker can achieve Remote Code Execution via multiple components: /jsp/home.jsp, /jsp/gsfr_feditorHTML.jsp, /servlet/SPVisualZoom, and /jsp/gsmd_container.jsp. Root cause is a cross-site scripting vulnerability that enables ...
PT-2025-2394 · Illumos · Illumos
Name of the Vulnerable Software and Affected Versions: illumos illumos-gate affected versions not specified Description: An error occurs in the elliptic curve point addition algorithm that uses mixed Jacobian-affine coordinates, causing the algorithm to yield a result of POINT AT INFINITY when it...
PT-2025-1782 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.1 to Infinity 24.2.0 Description: The issue is related to a Stored XSS problem with the profile. Recommendations: For Pega Platform versions 8.1 to Infinity 24.2.0, update to a version newer than Infinity 24.2.0 to...
CVE-2024-10716
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search...
CVE-2024-10094
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code...