135 matches found
CVE-2023-36663
it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...
CVE-2023-3520
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
CVE-2023-3218
Race Condition within a Thread in GitHub repository it-novum/openitcockpit prior to 4.6.5...
CVE-2020-10792
openITCOCKPIT through 3.7.2 allows remote attackers to configure the self::DEVELOPMENT or self::STAGING option by placing a hostname containing "dev" or "staging" in the HTTP Host header...
CVE-2019-15491
openITCOCKPIT before 3.7.1 has CSRF, aka RVID 2-445b21...
CVE-2019-15490
openITCOCKPIT before 3.7.1 allows code injection, aka RVID 1-445b21...
CVE-2019-15492
openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21...
CVE-2019-15493
openITCOCKPIT before 3.7.1 allows deletion of files, aka RVID 4-445b21...
CVE-2019-15494
openITCOCKPIT before 3.7.1 allows SSRF, aka RVID 5-445b21...
Session fixation
Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit prior to 4.6.6...
PT-2023-25193 · Unknown · Openitcockpit
Name of the Vulnerable Software and Affected Versions: openitcockpit versions prior to 4.6.6 Description: The issue concerns a sensitive cookie in an HTTPS session that lacks the 'Secure' attribute. This could potentially allow unauthorized access to sensitive information. Recommendations: For...
OpenITCOCKPIT 安全漏洞
It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in OpenITCOCKPIT prior to version 4.6.6, which stems from the absence of the "Secure" attribute on sensitive cookies in HTTPS sessions...
CVE-2023-36663
it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...
CVE-2023-36663
it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...
Sql injection
it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...
CVE-2023-36663
it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...
It-novum OpenITCOCKPIT SQL注入漏洞
It-novum OpenITCOCKPIT is an open source system monitoring tool from It-novum, Germany. A security vulnerability exists in it-novum openITCOCKPIT, which originates from an SQL injection via the sort parameter of the API interface...
CVE-2023-36663
it-novum openITCOCKPIT aka open IT COCKPIT 4.6.4 before 4.6.5 allows SQL Injection by authenticated users via the sort parameter of the API interface...
CVE-2023-36663
OpenITCOCKPIT (It-novum) 4.6.4 is vulnerable to SQL injection via the API interface’s sort parameter when accessed by authenticated users, due to a flaw in the input handling. Affects versions 4.6.4 prior to 4.6.5. Mitigation: upgrade to 4.6.5 or apply vendor-provided security update; as a tempor...
PT-2023-25666 · Unknown · Openitcockpit
Name of the Vulnerable Software and Affected Versions: openITCOCKPIT versions 4.6.4 through 4.6.4 Description: The issue allows SQL Injection via the sort parameter of the API interface, which can be exploited by authenticated users. Recommendations: For openITCOCKPIT version 4.6.4, update to...