Lucene search
K

24 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2020-4158

Malware in sbrugna...

9.8CVSS9.2AI score0.01838EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2020-4162

Malware in sbrugna...

9.8CVSS9.2AI score0.01838EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.0 views

EUVD-2020-4154

Malware in sbrugna...

9.8CVSS9.2AI score0.01681EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/22 5:24 p.m.3 views

CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...

5.3CVSS5.6AI score0.01103EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:53 p.m.2 views

CVE-2020-11812

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters0value or filters1value parameter...

9.8CVSS8AI score0.01681EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:33 p.m.8 views

CVE-2020-11813

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous...

5.4CVSS5.8AI score0.00516EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:11 p.m.6 views

CVE-2020-11816

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reportsid POST parameter...

9.8CVSS8AI score0.01838EPSS
Exploits1References1
OSV
OSV
added 2020/04/27 3:15 p.m.4 views

CVE-2020-11817

In Rukovoditel V2.5.2, attackers can upload an arbitrary file to the server just changing the the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs with the Maintenance Mode setting...

9.8CVSS5.9AI score0.01991EPSS
Exploits1References1
OSV
OSV
added 2020/04/27 3:15 p.m.3 views

CVE-2020-11822

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...

6.1CVSS5.8AI score0.008EPSS
Exploits1References1
NVD
NVD
added 2020/04/27 3:15 p.m.20 views

CVE-2020-11821

In Rukovoditel 2.5.2, users' passwords and usernames are stored in a cookie with URL encoding, base64 encoding, and hashing. Thus, an attacker can easily apply brute force on them...

5.3CVSS5.3AI score0.01103EPSS
Exploits1References1
NVD
NVD
added 2020/04/27 3:15 p.m.15 views

CVE-2020-11822

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...

6.1CVSS6AI score0.008EPSS
Exploits1References1
NVD
NVD
added 2020/04/16 7:15 p.m.19 views

CVE-2020-11815

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting...

9.8CVSS9.7AI score0.02308EPSS
Exploits1References1
OSV
OSV
added 2020/04/16 7:15 p.m.1 views

CVE-2020-11812

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters0value or filters1value parameter...

9.8CVSS7.3AI score0.01681EPSS
Exploits0References2
NVD
NVD
added 2020/04/16 7:15 p.m.11 views

CVE-2020-11812

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters0value or filters1value parameter...

9.8CVSS9.8AI score0.01681EPSS
Exploits0References2
NVD
NVD
added 2020/04/16 7:15 p.m.12 views

CVE-2020-11820

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the entitiesid parameter...

9.8CVSS9.8AI score0.01838EPSS
Exploits1References1
NVD
NVD
added 2020/04/16 7:15 p.m.14 views

CVE-2020-11813

In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the configuration page via the copyright text input. Thus, an attacker can inject a malicious script to steal all users' valuable data. This copyright text is on every page so this attack vector can be very dangerous...

5.4CVSS5.2AI score0.00516EPSS
Exploits0References1
Prion
Prion
added 2020/04/16 7:15 p.m.17 views

Code injection

In Rukovoditel 2.5.2, attackers can upload arbitrary file to the server by just changing the content-type value. As a result of that, an attacker can execute a command on the server. This specific attack only occurs without the Maintenance Mode setting...

6.8CVSS9.6AI score0.02308EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/16 7:15 p.m.18 views

Cross site request forgery (csrf)

In Rukovoditel 2.5.2 has a formsessiontoken value to prevent CSRF attacks. This protection mechanism can be bypassed with another user's valid token. Thus, an attacker can change the Admin password by using a CSRF attack and escalate his/her privileges...

6.8CVSS8.8AI score0.00839EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/16 7:15 p.m.12 views

Sql injection

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the reportsid POST parameter...

7.5CVSS9.7AI score0.01838EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2020/04/16 7:15 p.m.13 views

Sql injection

Rukovoditel 2.5.2 is affected by a SQL injection vulnerability because of improper handling of the filters0value or filters1value parameter...

7.5CVSS9.7AI score0.01681EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder