47 matches found
CVE-2020-24982
An issue was discovered in Quadbase ExpressDashboard EDAB 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account...
CVE-2020-24983
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An unauthenticated attacker can create a malicious HTML file that houses a POST request made to the DashboardBuilder within the target web application. This request will utilise the target admin session and perform the authenticate...
EUVD-2019-19312
Malware in sbrugna...
EUVD-2020-17682
Malware in sbrugna...
EUVD-2019-19311
Malware in sbrugna...
EUVD-2020-17683
Malware in sbrugna...
EUVD-2020-17685
Malware in sbrugna...
EUVD-2020-17684
Malware in sbrugna...
CVE-2020-24984
An issue was discovered in Quadbase EspressReports ES 7 Update 9. It allows CSRF, whereby an attacker may be able to trick an authenticated admin level user into uploading malicious files to the web server...
CVE-2020-24985
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9958
CSRF within the admin panel in Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to escalate privileges, or create new admin accounts by crafting a malicious web page that issues specific requests, using a target admin's session to process their requests...
CVE-2020-24982
An issue was discovered in Quadbase ExpressDashboard EDAB 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account...
CVE-2020-24982
An issue was discovered in Quadbase ExpressDashboard EDAB 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account...
CVE-2020-24985
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...
CVE-2020-24985
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...
Cross site request forgery (csrf)
An issue was discovered in Quadbase ExpressDashboard EDAB 7 Update 9. It allows CSRF. An attacker may be able to trick an authenticated user into changing the email address associated with their account...
Design/Logic Flaw
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...
CVE-2020-24985
An issue was discovered in Quadbase EspressReports ES 7 Update 9. An authenticated user is able to navigate to the MenuPage section of the application, and change the frmsrc parameter value to retrieve and execute external files or payloads...
CVE-2020-24985
Quadbase EspressReports ES 7 Update 9 is affected. An authenticated user can alter the frmsrc parameter on the MenuPage to retrieve and execute external files or payloads, indicating an input handling/parameter manipulation vulnerability that enables potentially remote file execution within the a...