35 matches found
EUVD-2008-6317
Malware in sbrugna...
EUVD-2023-53838
Malicious code in bioql PyPI...
EUVD-2022-37783
Malicious code in bioql PyPI...
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...
Design/Logic Flaw
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...
PT-2024-13838 · Zoho · Zoho Manageengine Servicedesk Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine ServiceDesk Plus MSP versions prior to 14504 Description: The issue allows stored XSS via a task's name in a time sheet, which can be exploited by a low-privileged technician. Recommendations: For versions prior to 14504,...
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...
CVE-2023-49943
Zoho ManageEngine ServiceDesk Plus MSP before 14504 allows stored XSS by a low-privileged technician via a task's name in a time sheet...
CVE-2022-35291
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
CVE-2022-35291 Privilege escalation vulnerability in SAP SuccessFactors attachment API for Mobile Application (Android & iOS)
Due to misconfigured application endpoints, SAP SuccessFactors attachment APIs allow attackers with user privileges to perform activities with admin privileges over the network. These APIs were consumed in the SF Mobile application for Time Off, Time Sheet, EC Workflow, and Benefits. On successfu...
CVE-2022-34877
SQL Injection vulnerability in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailabl...
CVE-2022-34879
Reflected Cross Site Scripting XSS vulnerabilities in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555...
CVE-2022-34877
SQL Injection vulnerability in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailabl...
CVE-2022-34879
Reflected Cross Site Scripting XSS vulnerabilities in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555...
Cross site scripting
Reflected Cross Site Scripting XSS vulnerabilities in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555...
SQL injection
SQL Injection vulnerability in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailabl...
CVE-2022-34879 VICIDial 2.14b0.5 SVN 3550 was discovered to contain multiple Cross Site Scripting (XSS) vulnerabilities at /vicidial/admin.php.
Reflected Cross Site Scripting XSS vulnerabilities in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via agent, and search_archived_data parameters. This issue affects: VICIdial 2.14b0.5 versions prior to 3555...
CVE-2022-34879
CVE-2022-34879 is a VICIdial XSS in the AST_agent_time_sheet.php interface, triggered via agent and search_archived_data parameters. The vulnerability affects VICIdial 2.14b0.5 versions prior to 3555. The connected records consistently describe a reflected XSS with client-side script execution ri...
CVE-2022-34877 VICIDial 2.14b0.5 SVN 3550 was discovered to contain a SQL injection vulnerability at /vicidial/AST_agent_time_sheet.php.
SQL Injection vulnerability in AST Agent Time Sheet interface /vicidial/AST_agent_time_sheet.php of VICIdial via the agent parameter allows attacker to spoof identity, tamper with existing data, allow the complete disclosure of all data on the system, destroy the data or make it otherwise unavailabl...
CVE-2022-34877
CVE-2022-34877 is an authenticated SQL injection in VICIdial 2.14b0.5 prior to SVN revision 3555. The vulnerability occurs in the AST Agent Time Sheet interface via the /vicidial/AST_agent_time_sheet.php endpoint, specifically through the agent parameter, enabling an attacker to spoof identity, t...