27 matches found

CNNVD
added 2026/06/03 12:00 a.m., 7 views

Spark Development Network Rock RMS Security Vulnerability

Spark Development Network Rock RMS is a relationship management system developed by Spark Development Network, aimed at churches and non-profit organizations. There were security vulnerabilities in the Spark Development Network Rock RMS version 16.13 and versions prior to 17.7.0. These...

CVSS 9, AI score 4.9, EPSS 0.00312
Exploits 0, References 2
RedhatCVE
added 2026/01/09 10:18 a.m., 9 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

CVSS 9.8, AI score 7, EPSS 0.0168
Exploits 1, References 1
RedhatCVE
added 2026/01/09 10:17 a.m., 10 views

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVSS 9.8, AI score 7.9, EPSS 0.04098
Exploits 1, References 1
EUVD
added 2025/10/07 12:30 a.m., 5 views

EUVD-2019-8362

Malware in sbrugna...

CVSS 9.8, AI score 9.2, EPSS 0.04098
Exploits 1, References 3
EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2019-8360

Malware in sbrugna...

CVSS 9.8, AI score 9.1, EPSS 0.03348
Exploits 1, References 6
RedhatCVE
added 2025/05/22 10:21 a.m., 8 views

CVE-2019-18641

Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller...

CVSS 9.8, AI score 6.9, EPSS 0.03348
Exploits 1, References 1
Huntr
added 2022/05/12 3:07 a.m., 11 views

Cross-site scripting and open redirect vulnerability on Rock RMS Login Page

Description: The Rock RMS login page has a returnUrl parameter that is used to set window.location.href when the user has successfully logged in. An attacker can include a malicious JavaScript payload using a link crafted with the payload in the returnUrl parameter, such as 'javascript:...', that ...

AI score 0.6
Exploits 0, References 2
OSV
added 2021/01/07 9:15 p.m., 3 views

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVSS 9.8, AI score 6.3, EPSS 0.04098
Exploits 1, References 1
NVD
added 2021/01/07 9:15 p.m., 22 views

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVSS 9.8, AI score 9.8, EPSS 0.04098
Exploits 1, References 1
NVD
added 2021/01/07 9:15 p.m., 15 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

CVSS 9.8, AI score 9.4, EPSS 0.0168
Exploits 1, References 1
OSV
added 2021/01/07 9:15 p.m., 5 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

CVSS 9.8, AI score 7.3, EPSS 0.0168
Exploits 1, References 1
Prion
added 2021/01/07 9:15 p.m., 21 views

Design/Logic Flaw

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

CVSS 7.5, AI score 9.3, EPSS 0.0168
Exploits 1, References 1, Affected Software 1
Prion
added 2021/01/07 9:15 p.m., 17 views

Remote code execution

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

CVSS 7.5, AI score 9.7, EPSS 0.04098
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/01/07 8:45 p.m., 19 views

CVE-2019-18642

Rock RMS version before 8.6 is vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any user to change account details of any other user. This vulnerability could be used to change the...

AI score 9.4, EPSS 0.0168
Exploits 1, References 1
CVE
added 2021/01/07 8:45 p.m., 75 views

CVE-2019-18642

CVE-2019-18642 affects Rock RMS prior to version 8.6. The issue is an account takeover via tampering with the user ID parameter in the profile update flow, due to lack of validation and use of sequential user IDs. This allows a user to modify another account’s details (including email) with poten...

CVSS 9.8, AI score 9.3, EPSS 0.0168
Exploits 1, References 1, Affected Software 1
Cvelist
added 2021/01/07 8:45 p.m., 27 views

CVE-2019-18643

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypassed by adding multiple spaces and periods after the file name. This could allow an attacker to uplo...

AI score 9.8, EPSS 0.04098
Exploits 1, References 1
CVE
added 2021/01/07 8:45 p.m., 73 views

CVE-2019-18643

Rock RMS is affected by CVE-2019-18643 in versions before 8.10 and 9.0–9.3 where uploaded files are validated only via a blacklist of extensions. Attackers can bypass this by adding multiple spaces and periods after the filename, enabling upload of ASPX code and potential remote code execution, w...

CVSS 9.8, AI score 9.7, EPSS 0.04098
Exploits 1, References 1, Affected Software 1
CNNVD
added 2021/01/04 12:00 a.m., 6 views

Rock RMS Code Issue Vulnerability

Rock RMS is a church management system. A security vulnerability exists in Rock RMS versions prior to 8.10 and versions 9.0 through 9.3. The vulnerability stems from an inability to properly validate files uploaded in the application. The only protection mechanism is a file extension blacklist,...

CVSS 9.8, AI score 7.8, EPSS 0.04098
Exploits 1, References 2
CNNVD
added 2021/01/04 12:00 a.m., 4 views

Rock RMS Security Vulnerability

Rock RMS is a church management system. Versions of Rock RMS prior to 8.6 have a security vulnerability. An attacker could easily take over an account by tampering with the user id parameter in the profile update. Due to the lack of authentication and the use of consecutive user ids, any user can...

CVSS 9.8, AI score 5.8, EPSS 0.0168
Exploits 1, References 2
Packet Storm
added 2021/01/04 12:00 a.m., 266 views

Rock RMS File Upload / Account Takeover / Information Disclosure

Title: Multiple vulnerabilities found in Rock RMS including RCE and account takeover. A total of three CVEs were issued for the vulnerabilities: CVE-2019-18641, CVE-2019-18642, CVE-2019-18643. Product Description: Rock RMS is an open source CRM...

CVSS 7.5, AI score 0.3, EPSS 0.04098
Exploits 1