Lucene search
+L

12 matches found

NVD
NVD
added 2022/02/04 7:15 p.m.22 views

CVE-2021-29393

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters...

10CVSS0.03573EPSS
Exploits0References2
NVD
NVD
added 2022/02/04 7:15 p.m.21 views

CVE-2021-29395

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...

7.5CVSS0.01801EPSS
Exploits0References2
NVD
NVD
added 2022/02/04 7:15 p.m.24 views

CVE-2021-29396

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication...

9.8CVSS0.0167EPSS
Exploits0References2
Prion
Prion
added 2022/02/04 7:15 p.m.16 views

Directory traversal

Directory travesal in /northstar/filemanager/download.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to download arbitrary files, including JSP source code, across the filesystem of the host of the web application...

5CVSS7.6AI score0.01801EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/04 7:15 p.m.16 views

Design/Logic Flaw

Cleartext Transmission of Sensitive Information in /northstar/Admin/login.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote local user to intercept users credentials transmitted in cleartext over HTTP...

5CVSS7.5AI score0.00813EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2022/02/04 7:15 p.m.17 views

Cross site request forgery (csrf)

Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST...

4CVSS6.3AI score0.00815EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/04 6:52 p.m.52 views

CVE-2021-29397

CVE-2021-29397 affects Northstar Technologies Inc. NorthStar Club Management version 6.3. The vulnerability is a cleartext transmission issue in the login page at /northstar/Admin/login.jsp, allowing a remote observer to intercept credentials transmitted over HTTP. The connected documents confirm...

7.5CVSS7.4AI score0.00813EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/04 6:50 p.m.58 views

CVE-2021-29396

CVE-2021-29396 concerns NorthStar Club Management 6.3 from Northstar Technologies Inc, described as a systemic insecure-permissions issue that allows remote unauthenticated users to access and use various functionalities without authentication. The CVE entry notes exposure at network level with h...

9.8CVSS9.3AI score0.0167EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 6:50 p.m.28 views

CVE-2021-29396

Systemic Insecure Permissions in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to use various functionalities without authentication...

9.6AI score0.0167EPSS
Exploits0References2
CVE
CVE
added 2022/02/04 6:47 p.m.66 views

CVE-2021-29394

CVE-2021-29394 affects NorthStar Club Management version 6.3. The issue is a lack of proper authorization in the userID parameter of an HTTP POST to /northstar/Admin/changePassword.jsp, allowing remote authenticated users to change other users’ passwords (account hijacking). Root cause: insuffici...

6.5CVSS6.3AI score0.00815EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2022/02/04 6:43 p.m.61 views

CVE-2021-29393

The CVE-2021-29393 entry concerns Northstar Club Management 6.3. Affected component: web interfaces cominput.jsp and comoutput.jsp. Root cause: unsanitized user-controlled parameters command and commandvalues enable an OS command injection, allowing remote unauthenticated users to inject and exec...

10CVSS9.9AI score0.03573EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2022/02/04 6:43 p.m.25 views

CVE-2021-29393

Remote Code Execution in cominput.jsp and comoutput.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote unauthenticated users to inject and execute arbitrary system commands via the unsanitized user-controlled "command" and "commandvalues" parameters...

10AI score0.03573EPSS
Exploits0References2
Rows per page
Query Builder