
6 matches found

BDU FSTEC
added 2022/08/17 12:0 a.m., 7 views

The vulnerability of the Rapid7 Nexpose vulnerability management system lies in the insufficient protection of the SQL query structure. This allows attackers to manipulate the “ANY” and “OR” operators in SearchCriteria, thereby allowing them to inject malicious SQL code.

The vulnerability of the Rapid7 Nexpose vulnerability management system is related to insufficient protection of the SQL query structure. Exploiting this vulnerability allows a malicious actor to manipulate the “ANY” and “OR” operators in SearchCriteria and introduce malicious SQL code...

CVSS 9 | AI score 7.7 | EPSS 0.01183
Exploits 0 | References 2 | Affected Software 1

CNVD
added 2022/03/18 12:0 a.m., 20 views

Rapid7 Nexpose has an unspecified vulnerability (CNVD-2022-21217)

Rapid7 Nexpose is a set of vulnerability management software from Rapid7, Inc. that can use the scan results to deeply probe the network. Rapid7 Nexpose version 6.6.93 and earlier versions have a security vulnerability that stems from the fact that Rapid7 Nexpose version 6.6.93 and earlier versio...

CVSS 8.8 | AI score 2.9 | EPSS 0.01183
Exploits 0 | References 1

OSV
added 2022/03/17 11:15 p.m., 3 views

CVE-2022-0757

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code...

CVSS 8.8 | AI score 7.4 | EPSS 0.01183
Exploits 0 | References 1

NVD
added 2022/03/17 11:15 p.m., 13 views

CVE-2022-0757

Rapid7 Nexpose versions 6.6.93 and earlier are susceptible to an SQL Injection vulnerability, whereby valid search operators are not defined. This lack of validation can allow a logged-in, authenticated attacker to manipulate the "ANY" and "OR" operators in the SearchCriteria and inject SQL code...

CVSS 8.8 | EPSS 0.01183
Exploits 0 | References 1

Openbugbounty
added 2018/05/09 9:20 a.m., 16 views

rad-inc.vasculardomain.com XSS vulnerability

Open Bug Bounty ID: OBB-614277

Description | Value
---|---
Affected Website: | rad-inc.vasculardomain.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

AI score 0.1
Exploits 0

Openbugbounty
added 2018/05/09 9:20 a.m., 9 views

floridavascular.com XSS vulnerability

Open Bug Bounty ID: OBB-614276

Description | Value
---|---
Affected Website: | floridavascular.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...

Exploits 0