Lucene search
+L

16 matches found

OSV
OSV
added 2025/01/13 10:15 p.m.5 views

CVE-2023-42242

An issue was discovered in Selesta Visual Access Manager VAM prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/sterminal.php...

3.8CVSS5.8AI score0.00315EPSS
Exploits0References1
NVD
NVD
added 2020/02/26 4:15 p.m.17 views

CVE-2019-19993

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...

5.3CVSS5.3AI score0.01243EPSS
Exploits1References3
NVD
NVD
added 2020/02/26 4:15 p.m.17 views

CVE-2019-19994

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows blind Command Injection. An attacker without authentication is able to execute arbitrary operating system command by injecting the vulnerable parameter in the PHP Web page /common/vammonitorsap.php...

10CVSS10AI score0.04839EPSS
Exploits1References3
NVD
NVD
added 2020/02/26 4:15 p.m.20 views

CVE-2019-19987

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

6.5CVSS6.5AI score0.00546EPSS
Exploits1References3
Prion
Prion
added 2020/02/26 4:15 p.m.16 views

Cross site request forgery (csrf)

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

4.3CVSS6.5AI score0.00546EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/02/26 4:15 p.m.18 views

Cross site scripting

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Reflected Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vamanagraphic.php, /vam/vamvamuser.php, /common/vampmain.php...

3.5CVSS5.2AI score0.00856EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/02/26 4:15 p.m.11 views

Path traversal

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several full path disclosure vulnerability were discovered. A user, even with no authentication, may simply send arbitrary content to the vulnerable pages to generate error messages that expose some full paths...

5CVSS5.3AI score0.01243EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/02/26 4:15 p.m.13 views

Cross site scripting

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Stored Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /monitor/sheadmodel.php and /vam/vamuser.php...

3.5CVSS5.2AI score0.00856EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/02/26 4:15 p.m.16 views

Authorization

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization...

5CVSS7.6AI score0.01341EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2020/02/26 4:15 p.m.10 views

Design/Logic Flaw

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...

4CVSS6.4AI score0.01123EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2020/02/26 3:16 p.m.24 views

CVE-2019-19987

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. It allows Cross-Site Request Forgery CSRF on any HTML form. An attacker can exploit the vulnerability to abuse functionalities such as change password, add user, add privilege, and so on...

6.5AI score0.00546EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/02/26 3:15 p.m.17 views

CVE-2019-19988

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to create and write XML files on the filesystem via /common/vameditXml.php in the web interface. The vulnerable PHP page checks none of these: the parameter that identifies the...

8.8AI score0.01462EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/02/26 3:13 p.m.20 views

CVE-2019-19989

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Several PHP pages, and other type of files, are reachable by any user without checking for user identity and authorization...

7.7AI score0.01341EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/02/26 3:10 p.m.23 views

CVE-2019-19991

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. Multiple Reflected Cross-site scripting XSS vulnerabilities allow remote authenticated users to inject arbitrary web script or HTML via the web pages /vam/vamanagraphic.php, /vam/vamvamuser.php, /common/vampmain.php...

5.4AI score0.00856EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/02/26 3:9 p.m.25 views

CVE-2019-19992

An issue was discovered in Selesta Visual Access Manager VAM 4.15.0 through 4.29. A user with valid credentials is able to read XML files on the filesystem via the web interface. The PHP page /common/vameditXml.php doesn't check the parameter that identifies the file name to be read. Thus, an...

6.4AI score0.01123EPSS
Exploits1References3
CVE
CVE
added 2020/02/26 3:9 p.m.57 views

CVE-2019-19992

The CVE refers to Selesta Visual Access Manager (VAM) versions 4.15.0 through 4.29. The vulnerability arises from /common/vam_editXml.php not validating the file-name parameter, allowing an authenticated user to read arbitrary XML files from the server filesystem via the web interface. This is a ...

6.5CVSS6.3AI score0.01123EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder