Lucene search
K

135 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:2 a.m.5 views

CVE-2023-36663

it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...

8.8CVSS8AI score0.0071EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 3:57 a.m.9 views

CVE-2023-3520

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...

4.6CVSS6.8AI score0.00302EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/23 3:48 a.m.6 views

CVE-2023-3218

Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5...

6.5CVSS6.8AI score0.00475EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:46 p.m.10 views

CVE-2020-10792

openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...

7.5CVSS7AI score0.01895EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:19 a.m.4 views

CVE-2019-15491

openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21...

8.8CVSS7AI score0.006EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:36 a.m.5 views

CVE-2019-15490

openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21...

9.8CVSS7.2AI score0.01656EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:19 a.m.5 views

CVE-2019-15492

openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21...

6.1CVSS7AI score0.00822EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:14 a.m.6 views

CVE-2019-15493

openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21...

7.5CVSS7AI score0.0118EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:57 a.m.6 views

CVE-2019-15494

openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21...

9.8CVSS7AI score0.01514EPSS
Exploits0References1
Prion
Prion
added 2023/07/06 1:15 a.m.16 views

Session fixation

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...

4CVSS4.7AI score0.00302EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/07/06 12:0 a.m.6 views

PT-2023-25193 · Unknown · Openitcockpit

Name of the Vulnerable Software and Affected Versions: openitcockpit versions prior to 4.6.6 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This could potentially allow unauthorized access to sensitive information. Recommendations: For...

4.6CVSS4.4AI score0.00302EPSS
Exploits1References4
CNNVD
CNNVD
added 2023/07/06 12:0 a.m.21 views

OpenITCOCKPIT 安全漏洞

It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in OpenITCOCKPIT prior to version 4.6.6, which stems from the absence of the "Secure" attribute on sensitive cookies in HTTPS sessions...

4.6CVSS5AI score0.00302EPSS
Exploits1References3
NVD
NVD
added 2023/06/25 9:15 p.m.23 views

CVE-2023-36663

it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...

8.8CVSS9.1AI score0.0071EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/25 9:15 p.m.4 views

CVE-2023-36663

it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...

8.8CVSS7.5AI score0.0071EPSS
Exploits0References3
Prion
Prion
added 2023/06/25 9:15 p.m.20 views

Sql injection

it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...

6.5CVSS9AI score0.0071EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/06/25 12:0 a.m.29 views

CVE-2023-36663

it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...

9.3AI score0.0071EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/06/25 12:0 a.m.4 views

It-novum OpenITCOCKPIT SQL注入漏洞

It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in it-novum openITCOCKPIT, which originates from an SQL injection via the sort parameter of the API interface...

8.8CVSS8.2AI score0.0071EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/25 12:0 a.m.11 views

CVE-2023-36663

it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...

8AI score0.0071EPSS
Exploits0References2
CVE
CVE
added 2023/06/25 12:0 a.m.53 views

CVE-2023-36663

OpenITCOCKPIT (It-novum) 4.6.4 is vulnerable to SQL injection via the API interface’s sort parameter when accessed by authenticated users, due to a flaw in the input handling. Affects versions 4.6.4 prior to 4.6.5. Mitigation: upgrade to 4.6.5 or apply vendor-provided security update; as a tempor...

8.8CVSS9AI score0.0071EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/25 12:0 a.m.3 views

PT-2023-25666 · Unknown · Openitcockpit

Name of the Vulnerable Software and Affected Versions: openITCOCKPIT versions 4.6.4 through 4.6.4 Description: The issue allows SQL Injection via the sort parameter of the API interface, which can be exploited by authenticated users. Recommendations: For openITCOCKPIT version 4.6.4, update to...

8.8CVSS8.9AI score0.0071EPSS
Exploits0References5
Rows per page
Query Builder