Lucene search
K

15 matches found

NVD
NVD
added 2022/12/06 5:15 p.m.18 views

CVE-2022-45326

An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...

4.9CVSS0.01139EPSS
Exploits1References2
OSV
OSV
added 2022/12/06 5:15 p.m.4 views

CVE-2022-45326

An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...

4.9CVSS5.8AI score0.01139EPSS
Exploits1References2
Prion
Prion
added 2022/12/06 5:15 p.m.19 views

Design/Logic Flaw

An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...

3.3CVSS5.1AI score0.01139EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/12/06 12:0 a.m.17 views

CVE-2022-45326

An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...

5.4AI score0.01139EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2022/12/06 12:0 a.m.6 views

CVE-2022-45326

An XML external entity XXE injection vulnerability in Kwoksys Kwok Information Server before v2.9.5.SP31 allows remote authenticated users to conduct server-side request forgery SSRF attacks...

6.9AI score0.01139EPSS
Exploits1References2
CVE
CVE
added 2022/12/06 12:0 a.m.62 views

CVE-2022-45326

CVE-2022-45326 affects Kwoksys Kwok Information Server — vulnerable component: XML processing (XXE) leading to server-side request forgery (SSRF). Affected: versions before 2.9.5.SP31; root cause is an XML external entity vulnerability. Impact as described: remote authenticated users can trigger ...

4.9CVSS5AI score0.01139EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2022/12/06 12:0 a.m.3 views

PT-2022-27466 · Kwoksys · Kwok Information Server

Name of the Vulnerable Software and Affected Versions: Kwoksys Kwok Information Server versions prior to 2.9.5.SP31 Description: An XML external entity XXE injection issue allows remote authenticated users to conduct server-side request forgery SSRF attacks. This enables attackers to manipulate t...

4.9CVSS5AI score0.01139EPSS
Exploits1References5
NVD
NVD
added 2013/10/11 9:55 p.m.16 views

CVE-2013-5028

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...

6.5CVSS7.9AI score0.01947EPSS
Exploits3References4
Prion
Prion
added 2013/10/11 9:55 p.m.12 views

Sql injection

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...

6.5CVSS8.5AI score0.01947EPSS
Exploits3References4Affected Software1
CVE
CVE
added 2013/10/11 9:0 p.m.40 views

CVE-2013-5028

Kwoksys Kwok Information Server vulnerable to SQL injection in IT/hardware-list.dll (versions before 2.8.5). Affected component is the search command handling (hardwareType, hardwareStatus, hardwareLocation) with remote-authenticated access leading to arbitrary SQL execution. Root cause is improp...

6.5CVSS8.2AI score0.01947EPSS
Exploits3References4Affected Software1
Cvelist
Cvelist
added 2013/10/11 9:0 p.m.25 views

CVE-2013-5028

SQL injection vulnerability in IT/hardware-list.dll in Kwoksys Kwok Information Server before 2.8.5 allows remote authenticated users to execute arbitrary SQL commands via the 1 hardwareType, 2 hardwareStatus, or 3 hardwareLocation parameter in a search command...

7.9AI score0.01947EPSS
Exploits3References4
0day.today
0day.today
added 2013/09/13 12:0 a.m.37 views

Kwok Information Server 2.7.3 / 2.8.4 SQL Injection Vulnerability

Kwok Information Server versions 2.7.3 and 2.8.4 suffer from a remote blind SQL injection vulnerability. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Kwok Information Server Blind Sql Injection || || Affected Version : 2.7.3 & 2.8.4 || || Vendor :...

6.5CVSS7.6AI score0.01947EPSS
Exploits3
Packet Storm
Packet Storm
added 2013/09/12 12:0 a.m.57 views

Kwok Information Server 2.7.3 / 2.8.4 SQL Injection

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ || || || Advisory : Kwok Information Server Blind Sql Injection || || Affected Version : 2.7.3 & 2.8.4 || || Vendor : http://www.kwoksys.com/index.php || || Risk : Medium || || CVE-ID : 2013-5028 || || Tested on Platform : Windows...

6.5CVSS6.7AI score0.01947EPSS
Exploits3
exploitpack
exploitpack
added 2013/08/07 12:0 a.m.12 views

Kwok Information Server - Multiple SQL Injections

Kwok Information Server - Multiple SQL Injections source: https://www.securityfocus.com/bid/61728/info Kwok Information Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may...

8AI score
Exploits0
Exploit DB
Exploit DB
added 2013/08/07 12:0 a.m.26 views

Kwok Information Server - Multiple SQL Injections

source: https://www.securityfocus.com/bid/61728/info Kwok Information Server is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. A successful exploit may allow an attacker to compromise the application,...

7.4AI score
Exploits0
Rows per page
Query Builder