117 matches found
CVE-2025-58462
OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...
CVE-2025-58462
OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...
CVE-2025-58462
OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...
CVE-2025-58462 OPEXUS FOIAXpress PAL SQL injection
OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...
CVE-2025-58462 OPEXUS FOIAXpress PAL SQL injection
OPEXUS FOIAXpress Public Access Link PAL before version 11.13.1.0 allows SQL injection via SearchPopularDocs.aspx. A remote, unauthenticated attacker could read, write, or delete any content in the underlying database...
CVE-2025-58462
CVE-2025-58462 affects OPEXUS FOIAXpress Public Access Link (PAL) prior to version 11.13.1.0. A remote, unauthenticated attacker can exploit an SQL injection in the SearchPopularDocs.aspx page to read, write, or delete data in the underlying database. Impact is high for confidentiality, integrity...
OPEXUS FOIAXpress Public Access Link 安全漏洞
OPEXUS FOIAXpress Public Access Link OPEXUS FOIAXpress PAL is a secure, public-facing web portal from OPEXUS that connects organizations with requesters and integrates with payment solutions, including payment solutions. A security vulnerability exists in OPEXUS FOIAXpress Public Access Link prio...
CVE-2025-54832
OPEXUS FOIAXpress Public Access Link PAL, version v11.1.0, allows an authenticated user to add entries to the list of states and territories...
CVE-2025-54834
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...
CVE-2025-54833
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...
CVE-2025-54833
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...
CVE-2025-54834
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...
CVE-2025-54833
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...
CVE-2025-54832
OPEXUS FOIAXpress Public Access Link PAL, version v11.1.0, allows an authenticated user to add entries to the list of states and territories...
CVE-2025-54833 OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...
CVE-2025-54833
OPEXUS FOIAXpress PAL v11.1.0 has a vulnerability where unauthenticated remote attackers can bypass account-lockout and CAPTCHA protections, enabling brute-force password attempts. Vendor statements indicate this was addressed in June 2025 release, v11.12.3.0 (upgrade recommended).
CVE-2025-54833 OPEXUS FOIAXpress Public Access Link (PAL) account-lockout and CAPTCHA protection bypass
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows attackers to bypass account-lockout and CAPTCHA protections. Unauthenticated remote attackers can more easily brute force passwords...
CVE-2025-54834 OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...
CVE-2025-54834 OPEXUS FOIAXpress Public Access Link (PAL) unauthenticated username enumeration
OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence of valid usernames. There are no rate-limiting mechanisms in place...
CVE-2025-54834
CVE-2025-54834 affects OPEXUS FOIAXpress PAL v11.1.0. An unauthenticated attacker can query the /App/CreateRequest.aspx endpoint to enumerate valid usernames due to absent rate limiting. Impact is exposure of user existence; CVSS vectors cited in public records show network access with low to mod...