612 matches found
CVE-2019-15338
The CVE-2019-15338 entry concerns Lava Iris 88 Lite (build fingerprint LAVA/iris88_lite/iris88_lite:8.1.0/O11019/1536323070:user/release-keys}). A pre-installed app with package name com.android.lava.powersave (versionCode 400, versionName v4.0.27) exposes an interface that lets any co-located ap...
CVE-2019-15338
The Lava Iris 88 Lite Android device with a build fingerprint of LAVA/iris88lite/iris88lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the devic...
CVE-2019-15334
The Lava Iris 88 Go Android device with a build fingerprint of LAVA/iris88go/iris88go:8.1.0/O11019/1538188945:user/release-keys contains a pre-installed app with a package name of com.android.lava.powersave app versionCode=400, versionName=v4.0.27 that allows any app co-located on the device to...
CVE-2019-15334
The CVE-2019-15334 entry concerns the Lava Iris 88 Go Android device. A pre-installed app (package com.android.lava.powersave, versionCode 400, versionName v4.0.27) exposes an interface that lets any co-located app programmatically disable and enable Wi‑Fi without the required access permission. ...
CVE-2019-18925
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication...
CVE-2019-18924
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ and variations, it is possible to list all the directories and check if a particular file exists...
CVE-2019-18926
Systematic IRIS Standards Management ISM v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting XSS. A user input related to dialog information is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the...
CVE-2019-18924
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ and variations, it is possible to list all the directories and check if a particular file exists...
CVE-2019-18926
Systematic IRIS Standards Management ISM v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting XSS. A user input related to dialog information is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the...
CVE-2019-18925
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication...
Authentication flaw
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication...
Cross site scripting
Systematic IRIS Standards Management ISM v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting XSS. A user input related to dialog information is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the...
Directory traversal
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ and variations, it is possible to list all the directories and check if a particular file exists...
CVE-2019-18925
The records consistently identify an authentication bypass in Systematic IRIS WebForms 5.4, where “its functionalities can be accessed and used without any form of authentication.” Red Hat and NVD corroborate this as CVE-2019-18925, with a high/critical impact profile (CVSS v3.1: CRITICAL, base s...
CVE-2019-18925
Systematic IRIS WebForms 5.4 and its functionalities can be accessed and used without any form of authentication...
CVE-2019-18926
Systematic IRIS Standards Management ISM v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting XSS. A user input related to dialog information is reflected directly in the web page, allowing a malicious user to conduct a Cross Site Scripting attack against users of the...
CVE-2019-18926
CVE-2019-18926 affects Systematic IRIS Standards Management (ISM) v2.1 SP1 89. It is vulnerable to unauthenticated reflected XSS via a user input (dialog information) reflected in the page. The Red Hat/NVD entries confirm the same description. No explicit exploit details or remediation are provid...
CVE-2019-18924
CVE-2019-18924 affects IRIS WebForms 5.4. The root cause is a directory-traversal flaw: manipulating file-referencing variables with ../ and variations allows listing directories and checking for file existence. Exploitation or in-wild details are not provided in the connected documents. Remediat...
CVE-2019-18924
Systematic IRIS WebForms 5.4 is vulnerable to directory traversal. By manipulating variables that reference files with ../ and variations, it is possible to list all the directories and check if a particular file exists...
regiocast.api.iris.radiorepo.io Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-956839 Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has:       a. verified the vulnerability and confirmed its existence;       b. notified the website...