72 matches found

Cvelist
added 2022/10/19 12:00 a.m. · 20 views

CVE-2022-40798

OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email; by sending the same request with the correct email, it's possible to take over the account...

7.7 AI score · 0.00785 EPSS
Exploits: 1 · References: 2
CVE
added 2022/10/19 12:00 a.m. · 59 views

CVE-2022-40798

OcoMon 4.0RC1 is affected by an Incorrect Access Control vulnerability. An attacker can retrieve the real email via a crafted request, and by repeating the request with the correct email may achieve account takeover. Affected product/version: OcoMon 4.0RC1. Root cause stated: improper access cont...

7.5 CVSS · 7.4 AI score · 0.00785 EPSS
Exploits: 1 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/10/19 12:00 a.m. · 5 views

PT-2022-25542 · Ocomon · Ocomon

Name of the Vulnerable Software and Affected Versions: OcoMon version 4.0RC1 Description: The issue is related to Incorrect Access Control. Through a request, a user can obtain the real email, and by sending the same request with the correct email, it is possible to perform an account takeover...

7.5 CVSS · 7.3 AI score · 0.00785 EPSS
Exploits: 1 · References: 6
Vulnrichment
added 2022/10/19 12:00 a.m. · 9 views

CVE-2022-40798

OcoMon 4.0RC1 is vulnerable to Incorrect Access Control. Through a request the user can obtain the real email; by sending the same request with the correct email, it's possible to take over the account...

7.1 AI score · 0.00785 EPSS
Exploits: 1 · References: 2
NVD
added 2022/10/13 11:15 p.m. · 15 views

CVE-2022-41391

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...

9.8 CVSS · 0.00752 EPSS
Exploits: 1 · References: 1
NVD
added 2022/10/13 11:15 p.m. · 15 views

CVE-2022-41390

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...

9.8 CVSS · 0.00752 EPSS
Exploits: 1 · References: 1
OSV
added 2022/10/13 11:15 p.m. · 2 views

CVE-2022-41390

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 1
OSV
added 2022/10/13 11:15 p.m. · 2 views

CVE-2022-41391

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...

9.8 CVSS · 5.8 AI score · 0.00752 EPSS
Exploits: 1 · References: 1
Prion
added 2022/10/13 11:15 p.m. · 16 views

SQL injection

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...

7.5 CVSS · 9.8 AI score · 0.00752 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2022/10/13 11:15 p.m. · 10 views

SQL injection

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...

7.5 CVSS · 9.8 AI score · 0.00752 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CNNVD
added 2022/10/13 12:00 a.m. · 4 views

OcoMon SQL injection vulnerability

OcoMon is a helpdesk system from the personal developer Rafael Foster. It is designed to manage integrated inventory control that supports tickets and computing devices. An SQL injection vulnerability exists in OcoMon version v4.0, which stems from the cod parameter in download.php being vulnerab...

9.8 CVSS · 8.5 AI score · 0.00752 EPSS
Exploits: 1 · References: 2
Cvelist
added 2022/10/13 12:00 a.m. · 20 views

CVE-2022-41391

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...

10 AI score · 0.00752 EPSS
Exploits: 1 · References: 1
Cvelist
added 2022/10/13 12:00 a.m. · 24 views

CVE-2022-41390

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...

10 AI score · 0.00752 EPSS
Exploits: 1 · References: 1
Positive Technologies
added 2022/10/13 12:00 a.m. · 5 views

PT-2022-25840 · Ocomon · Ocomon

Name of the Vulnerable Software and Affected Versions: OcoMon version 4.0 Description: A SQL injection issue was discovered in OcoMon via the cod parameter at the "showImg.php" endpoint. This allows for potential exploitation of the database. Recommendations: For OcoMon version 4.0, consider...

9.8 CVSS · 9.6 AI score · 0.00752 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2022/10/13 12:00 a.m. · 7 views

CVE-2022-41390

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at download.php...

9.9 AI score · 0.00752 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2022/10/13 12:00 a.m. · 5 views

CVE-2022-41391

OcoMon v4.0 was discovered to contain a SQL injection vulnerability via the cod parameter at showImg.php...

9.9 AI score · 0.00752 EPSS
Exploits: 1 · References: 1
CNNVD
added 2022/10/13 12:00 a.m. · 5 views

OcoMon SQL injection vulnerability

OcoMon is a helpdesk system from the personal developer Rafael Foster. It is designed to manage integrated inventory control that supports tickets and computing devices. An SQL injection vulnerability exists in OcoMon version v4.0, which stems from the cod parameter in showImg.php being vulnerabl...

9.8 CVSS · 8.5 AI score · 0.00752 EPSS
Exploits: 1 · References: 2
CVE
added 2022/10/13 12:00 a.m. · 48 views

CVE-2022-41390

Summary (CVE-2022-41390): OcoMon v4.0 is affected by a SQL injection vulnerability in the download.php endpoint, triggered via the cod parameter. The issue is described as affecting the ability to inject SQL through this parameter, with the CVSS v3.1 metrics indicating a critical impact (AV:N/AC:...

9.8 CVSS · 9.8 AI score · 0.00752 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
CVE
added 2022/10/13 12:00 a.m. · 51 views

CVE-2022-41391

CVE-2022-41391 affects OcoMon v4.0, with a SQL injection in the showImg.php endpoint via the cod parameter. The root cause is unsafely handling user input in the SQL query, allowing attackers to craft requests that may compromise confidentiality, integrity, and availability (CVSS v3.1 base score ...

9.8 CVSS · 9.8 AI score · 0.00752 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Exploit DB
added 2016/08/22 12:00 a.m. · 30 views

Ocomon 2.0 - SQL Injection

Exploit Title: Ocomon 2.0: Acess administrative Bypass / Multiple Sql Injection Google Dork: inurl:ocomon/index.php or intitle:Ocomon 2.0-RC6 Date: 2016.08.18 Exploit Author: Jonatas Fil a.k.a pwx Vendor Homepage: ninj4c0d3r.github.io Version: Latest 2.0RC6 Tested on: Linux And Windows CVE :...

5 CVSS · 6.6 AI score · 0.01099 EPSS
Exploits: 3