Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:50 p.m.9 views

CVE-2026-21404

NAVTOR NavBox through version 4.16.1.20 contains hard-coded credentials within its Windows Communication Foundation SOAP implementation. If the SOAP functionality is enabled, a local attacker can extract credentials to bypass the intended transfer workflow. Successful authentication against the...

6.3CVSS5.5AI score0.00122EPSS
Exploits0References1
vulnersOsv
vulnersOsv
added 2026/05/01 11:24 a.m.8 views

ai.platon.pulsar:pulsar-persist (>=1.9.0 <=1.10.23), be.eliwan:eoddata-client (=1.0) +2282 more potentially affected by CVE-2026-42404 via org.apache.neethi:neethi (>=3.0.0 <=3.2.1)

org.apache.neethi:neethi MAVEN version =3.0.0, =1.9.0, =1.1.7, =1.1.9, =1.2.5, =3.00.4, =3.00.3, =4.00.10, =11.4-37, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.0.0.RELEASE, =3.1.0.RELEASE and more Source cves: CVE-2026-42404 Source advisory: SNYK:JAVA-ORGAPACHENEETHI-16354029...

7.2CVSS5.4AI score0.00497EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/07 9:34 a.m.13 views

CVE-2019-7951

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP reques...

7.5CVSS6.3AI score0.01186EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/10/23 12:0 a.m.5 views

Veeder-Root TLS4B Automatic Tank Gauge System 命令注入漏洞

Veeder-Root TLS4B Automatic Tank Gauge System is a security management system for gas stations, tank farms, or industrial storage tanks from Veeder-Root, Inc. The Veeder-Root TLS4B Automatic Tank Gauge System suffers from a command injection vulnerability that stems from the SOAP interface being...

9.9CVSS7.6AI score0.01308EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2004-1809

Malware in sbrugna...

5CVSS6.4AI score0.02632EPSS
Exploits0References7
Github Security Blog
Github Security Blog
added 2022/05/24 4:52 p.m.20 views

Magento 2 Community Edition Information Leak

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP reques...

7.5CVSS6.5AI score0.01186EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2019/08/02 10:15 p.m.12 views

Information disclosure

An information leakage vulnerability exists in Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. A SOAP web service endpoint does not properly enforce parameters related to access control. This could be abused to leak customer information via crafted SOAP reques...

5CVSS7.1AI score0.01186EPSS
Exploits0References1Affected Software1
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.36 views

Oracle Business Transaction Management FlashTunnelService Remote Code Execution

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2014/06/24 12:0 a.m.31 views

Alienvault Open Source SIEM (OSSIM) - av-centerd Command Injection (Metasploit)

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 'AlienVault OSSIM av-centerd Command Injection', 'Description' = %q This module exploits a code execution fla...

10CVSS7AI score0.72376EPSS
Exploits9
Packet Storm
Packet Storm
added 2014/06/19 12:0 a.m.33 views

AlienVault OSSIM av-centerd Command Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rexml/document' class Metasploit3 'AlienVault OSSIM av-centerd Command Injection', 'Description' = %q This module exploits a code execution fla...

10CVSS0.7AI score0.72376EPSS
Exploits9
Metasploit
Metasploit
added 2014/06/16 5:10 p.m.23 views

AlienVault OSSIM av-centerd Command Injection

This module exploits a code execution flaw in AlienVault 4.6.1 and prior. The vulnerability exists in the av-centerd SOAP web service, where the updatesysteminfodebianpackage method uses perl backticks in an insecure way, allowing command injection. This module has been tested successfully on...

10CVSS0.3AI score0.72376EPSS
Exploits9
Tenable Nessus
Tenable Nessus
added 2014/02/03 12:0 a.m.271 views

SAP Host Agent SOAP Web Service Information Disclosure (SAP Note 1816536)

The version of SAP Host Agent discloses sensitive system information, such as operating system version, databases version, CPU make and model, and information on network interfaces. A remote, unauthenticated attacker could use this to specialize attacks. %NASLMINLEVEL 70300 C Tenable Network...

5CVSS5.5AI score0.20346EPSS
Exploits2References3
Exploit DB
Exploit DB
added 2013/08/26 12:0 a.m.37 views

Oracle Endeca Server - Remote Command Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle Endeca Server Remote Command...

5.5CVSS7.4AI score0.5984EPSS
Exploits8
Tenable Nessus
Tenable Nessus
added 2013/06/05 12:0 a.m.37 views

SAP Control SOAP Web Service Remote Code Execution (SAP Note 1414444)

The version of SAP Control, offered by 'sapstartsrv.exe', reportedly contains an arbitrary remote code execution vulnerability. A malformed SOAP request via POST can be used to reach an unbounded copy loop, which results in attacker-supplied data being written into existing function pointers. A...

6.6AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2012/09/25 12:0 a.m.344 views

SAP Host Control SOAP Web Service 'Database/Name' Command Execution (SAP Note 1341333)

The version of SAP Host Control, offered by 'sapstartsrv.exe', fails to sanitize user input to the 'Database/Name' parameter when calling the 'GetDatabaseStatus' SOAP method. A remote, unauthenticated attacker may use this to run commands that, by default, run as SYSTEM. Note that while this...

5.5AI score
Exploits0References2
Metasploit
Metasploit
added 2012/09/14 2:54 p.m.39 views

Oracle Business Transaction Management FlashTunnelService Remote Code Execution

This module exploits abuses the FlashTunnelService SOAP web service on Oracle Business Transaction Management 12.1.0.7 to upload arbitrary files, without authentication, using the WriteToFile method. The same method contains a directory traversal vulnerability, which allows to upload the files to...

8.1AI score
Exploits0
Saint
Saint
added 2012/08/29 12:0 a.m.32 views

SAP NetWeaver SAPHostControl Command Injection

Added: 08/29/2012 BID: 55084 OSVDB: 84821 Background SAP NetWeaver is a technology platform for building and integrating SAP business applications. Problem The NetWeaver management console exposes an authenticated SOAP web service interface. During the authentication phase, user-supplied values...

8.1AI score
Exploits0
NVD
NVD
added 2004/03/15 5:0 a.m.13 views

CVE-2004-1816

Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service memory consumption...

5CVSS6.7AI score0.02632EPSS
Exploits0References6
Rows per page
Query Builder