Lucene search
K

377 matches found

Vulnrichment
Vulnrichment
added 2022/01/14 5:1 a.m.12 views

CVE-2022-20658 Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP and Cisco Unified Contact Center Domain Manager Unified CCDM could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due t...

9.6CVSS6.8AI score0.01393EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/01/13 12:0 a.m.5 views

CVE-2022-20658

A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP and Cisco Unified Contact Center Domain Manager Unified CCDM could allow an authenticated, remote attacker to elevate their privileges to Administrator. This vulnerability is due t...

9.6CVSS7.5AI score0.01393EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.4 views

Fresenius Kabi Agilia Connect Infusion System 授权问题漏洞

The Fresenius Kabi Agilia Connect Infusion System is an infusion system from Fresenius Kabi of Germany. A security vulnerability exists in the Fresenius Kabi Agilia Connect Infusion System, which stems from an application that allows user input to be validated on the client side without server...

9.8CVSS8.3AI score0.00978EPSS
Exploits0References5
Packet Storm
Packet Storm
added 2021/11/02 12:0 a.m.311 views

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page: https://www.i3international.com Affected version: V5.2.0 build 150317 Ax46 V5.0.9 build 151106 Ax68 V5.0.9 build 150615 Ax78 Summary: The Annexxus camera 6MP provides 4 simultaneous...

7.1AI score
Exploits0
0day.today
0day.today
added 2021/11/02 12:0 a.m.321 views

i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw Vulnerability

Exploit Title: i3 International Annexxus Cameras Ax-n 5.2.0 - Application Logic Flaw Exploit Author: LiquidWorm Vendor Homepage: https://www.i3international.com i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw Vendor: i3 International Inc. Product web page:...

7.1AI score
Exploits0
Zero Science Lab
Zero Science Lab
added 2021/11/01 12:0 a.m.466 views

i3 International Annexxus Cameras Ax-n 5.2.0 Application Logic Flaw

Summary The Annexxus camera 6MP provides 4 simultaneous, independently controlled digital pan-tilt-zoom ePTZ video streams, which may be recorded or viewed live as well as a built-in microphone and speaker allowing two way communication. Description The application doesn't allow creation of more...

8.1CVSS7.1AI score0.00974EPSS
Exploits1
OSV
OSV
added 2021/06/01 2:15 p.m.4 views

CVE-2021-24334

The Instant Images – One Click Unsplash Uploads WordPress plugin before 4.4.0.1 did not properly validate and sanitise its unsplashdownloadw and unsplashdownloadh parameter settings /wp-admin/upload.php?page=instant-images, only validating them client side before saving them, leading to a Stored...

5.4CVSS5.8AI score0.00659EPSS
Exploits2References2
Huntr
Huntr
added 2021/05/18 1:15 a.m.42 views

Cross-site Scripting (XSS) - Stored in knadh/listmonk

💥 BUG Stored xss via file upload 💥 SUMMURY uploaded file extension only checked in client-side javascript. It must be also checked in server side so that user cant upload html file instead of image . 💥 STEP TO REPRODUCE 1. From your account goto http://localhost:9000/campaigns/media and upload a...

7AI score
Exploits0
CNNVD
CNNVD
added 2021/04/19 12:0 a.m.7 views

Wagtail 跨站脚本漏洞

Torchbox Wagtail is an open source content management system CMS from Torchbox UK. A security vulnerability exists in Wagtail that stems from the fact that Wagtail does not apply server-side checks to ensure that the link url uses a valid protocol...

6.1CVSS5.5AI score0.00626EPSS
Exploits0References3
Cvelist
Cvelist
added 2021/04/05 6:27 p.m.91 views

CVE-2021-24208 WP Page Builder < 1.2.4 - Multiple Stored Cross-Site scripting (XSS)

The editor of the WP Page Builder WordPress plugin before 1.2.4 allows lower-privileged users to insert unfiltered HTML, including JavaScript, into pages via the “Raw HTML” widget and the “Custom HTML” widgets though the custom HTML widget requires sending a crafted request - it appears that this...

5.6AI score0.00658EPSS
Exploits1References2
BDU FSTEC
BDU FSTEC
added 2021/03/30 12:0 a.m.4 views

The vulnerability of the IBM QRadar SIEM system for event collection and analysis lies in insufficient validation of requests on the server side. This allows attackers to send unauthorized requests and disclose sensitive information that should be protected.

The vulnerability of the IBM QRadar SIEM event collection and analysis system is related to insufficient validation of requests on the server side. Exploiting this vulnerability allows a malicious actor to send unauthorized requests and disclose protected information...

5.5CVSS5.8AI score0.00541EPSS
Exploits1References5
Packet Storm
Packet Storm
added 2020/09/03 12:0 a.m.521 views

Hyland OnBase SQL Injection

CVSSv3.1 Score ------------------------------------------------- AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H Vendor ------------------------------------------------- Hyland Software - https://www.hyland.com/en/ and https://www.onbase.com/en/ Product ------------------------------------------------- Hylan...

Exploits0
RedHat Linux
RedHat Linux
added 2020/08/27 4:3 p.m.3 views

CloudForms: Business logic bypass through widgets

A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields...

6.5CVSS5.7AI score0.00877EPSS
Exploits0References4
OSV
OSV
added 2020/08/11 1:15 p.m.5 views

CVE-2020-10778

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior...

6CVSS5.8AI score0.00877EPSS
Exploits0References2
Prion
Prion
added 2020/08/11 1:15 p.m.23 views

Input validation

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior...

6.5CVSS6.6AI score0.00877EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2020/08/11 12:25 p.m.106 views

CVE-2020-10778

CVE-2020-10778 affects Red Hat CloudForms (CFME) 4.7 and 5, where read-only widgets can be edited by removing the disabled attribute due to missing server-side validation, bypassing business logic. The issue is addressed in Red Hat Security Advisory RHSA-2020:3574 for CloudForms 4.7.16 (and relat...

6.5CVSS5.8AI score0.00877EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2020/08/11 12:25 p.m.31 views

CVE-2020-10778

In Red Hat CloudForms 4.7 and 5, the read only widgets can be edited by inspecting the forms and dropping the disabled attribute from the fields since there is no server-side validation. This business logic flaw violate the expected behavior...

7.5AI score0.00877EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/08/06 2:34 p.m.4 views

CloudForms: Business logic bypass through widgets

A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields...

6.5CVSS5.7AI score0.00877EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2020/08/03 2:15 p.m.27 views

CVE-2020-10778

A business logic flaw was found in Red Hat CloudForms where the read-only values of the Widgets could be altered. An attacker with low privileges could bypass server-side validation by dropping the disabled attribute from the fields...

6.5CVSS3.1AI score0.00877EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/07/07 7:39 p.m.23 views

CVE-2020-15008

A SQLi exists in the probe code of all Connectwise Automate versions before 2020.7 or 2019.12. A SQL Injection in the probe implementation to save data to a custom table exists due to inadequate server side validation. As the code creates dynamic SQL for the insert statement and utilizes the user...

8.1AI score0.0089EPSS
Exploits0References1
Rows per page
Query Builder