95 matches found
EUVD-2015-5964
Malware in sbrugna...
EUVD-2014-3683
Malware in sbrugna...
EUVD-2020-16198
Malware in sbrugna...
EUVD-2020-16197
Malware in sbrugna...
EUVD-2012-2934
Malware in sbrugna...
EUVD-2020-18533
Malware in sbrugna...
EUVD-2012-6504
Malware in sbrugna...
EUVD-2021-30523
Malicious code in bioql PyPI...
CVE-2021-43609
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...
CVE-2020-25901
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages...
CVE-2020-23451
Spiceworks Version = 7.5.00107 is affected by CSRF which can lead to privilege escalation via "/settings/v1/users" function...
CVE-2020-23450
Spiceworks Version = 7.5.00107 is affected by XSS. Any name typed on Custom Groups function is vulnerable to stored XSS as they displayed on http://127.0.0.1/inventory/groups/ without output sanitization...
CVE-2012-6658
Multiple cross-site scripting XSS vulnerabilities in SpiceWorks 5.3.75941 allow remote attackers to inject arbitrary web script or HTML via the 1 syslocation, 2 syscontact, or 3 sysName configuration in snmpd.conf. NOTE: this entry was SPLIT from CVE-2012-2956 per ADT2 due to different...
CVE-2021-43609
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...
CVE-2021-43609
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...
Sql injection
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...
Spiceworks Security Breach
Spiceworks is an IT management software from the Spiceworks community. It focuses on simplifying the process of inventorying, monitoring networks, and generating reports for IT professionals in small and medium-sized businesses. A security vulnerability exists in Spiceworks Help Desk Server...
CVE-2021-43609
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...
CVE-2021-43609
CVE-2021-43609 affects Spiceworks Help Desk Server prior to 1.3.3. A blind boolean SQL injection in the sort parameter via the order_by_for_ticket function (app/models/reporting/database_query.rb) allows an authenticated attacker to execute arbitrary SQL commands, enabling leakage of local files ...
CVE-2021-43609
An issue was discovered in Spiceworks Help Desk Server before 1.3.3. A Blind Boolean SQL injection vulnerability within the orderbyforticket function in app/models/reporting/databasequery.rb allows an authenticated attacker to execute arbitrary SQL commands via the sort parameter. This can be...