63 matches found
EUVD-2022-48737
Malicious code in bioql PyPI...
EUVD-2022-48739
Malicious code in bioql PyPI...
EUVD-2022-48741
Malicious code in bioql PyPI...
EUVD-2022-48738
Malicious code in bioql PyPI...
EUVD-2022-48743
Malicious code in bioql PyPI...
CVE-2022-45894
GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files...
CVE-2022-45892
In Planet eStream before 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username...
CVE-2022-45890
In Planet eStream before 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter)...
CVE-2022-45889
Planet eStream before 6.72.10.07 allows a remote attacker who is a publisher or admin to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter)...
CVE-2022-45895
Planet eStream before 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure)...
CVE-2022-45893
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access...
CVE-2022-45896
Planet eStream before 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution...
Design/Logic Flaw
Planet eStream before 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access...
Directory traversal
GetFile.aspx in Planet eStream before 6.72.10.07 allows ..\ directory traversal to read arbitrary local files...