Lucene search
K

93 matches found

Positive Technologies
Positive Technologies
added 2023/03/23 12:0 a.m.4 views

PT-2023-21724 · Unknown · Smartcars 3

Name of the Vulnerable Software and Affected Versions: smartCARS 3 versions 0.5.8 and prior Description: The issue affects smartCARS 3, a flight tracking software. In the affected versions, failed login attempts result in passwords being stored in error logs. This does not occur in version 0.5.9...

8CVSS7.4AI score0.00356EPSS
Exploits0References3
CVE
CVE
added 2023/02/23 7:0 p.m.69 views

CVE-2023-22476

Summary: CVE-2023-22476 affects MantisBT (Mantis Bug Tracker) before 2.25.6 where insufficient access checks allow any logged‑in user with Group Actions privileges to read the Summary of private issues via a crafted bug_arr[] in bug_actiongroup_ext.php. Root cause: inadequate access control on pr...

4.3CVSS4.1AI score0.00608EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2022/06/28 5:50 p.m.29 views

CVE-2022-31068 Sensitive Data Exposure on Refused Inventory Files in GLPI

GLPI is a Free Asset and IT Management Software package, Data center management, ITIL Service Desk, licenses tracking and software auditing. In affected versions all GLPI instances with the native inventory used may leak sensitive information. The feature to get refused file is not authenticated...

5.3CVSS5.4AI score0.0085EPSS
Exploits2References2
Wired Threat Level
Wired Threat Level
added 2022/03/08 3:0 p.m.15 views

Chinese Spies Hacked a Livestock App to Breach US State Networks

Vulnerabilities in animal tracking software USAHERDS and Log4j gave the notorious APT41 group a foothold in multiple government systems...

1.1AI score
Exploits0
CNVD
CNVD
added 2022/03/01 12:0 a.m.38 views

JetBrains YouTrack Server-Side Template Injection Vulnerability (CNVD-2022-17758)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. JetBrains YouTrack is vulnerable to server-side template injection, which can be exploited by attackers to perform SSTI server-side template injection attacks...

9.8CVSS4.2AI score0.03627EPSS
Exploits1References1
CNVD
CNVD
added 2021/11/11 12:0 a.m.19 views

JetBrains YouTrack has an unspecified vulnerability (CNVD-2021-91661)

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows and monitoring project progress.JetBrains YouTrack Mobile 2021.2 previously had a security vulnerability that could ...

5.3CVSS4AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/05 12:0 a.m.6 views

Unspecified Vulnerability in JetBrains YouTrack (CNVD-2021-09914)

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack before 2020.6.1767, which stems from a...

5.3CVSS6.8AI score0.02565EPSS
Exploits0References1
CNVD
CNVD
added 2021/02/05 12:0 a.m.9 views

Unspecified Vulnerability in JetBrains YouTrack

JetBrains YouTrack is a browser-based bug tracking and project management software from the Czech company JetBrains. The software features bug tracking, creating workflows and monitoring project progress. A security vulnerability exists in JetBrains YouTrack that stems from doing improper resourc...

5.3CVSS6.8AI score0.0143EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2020/06/18 3:30 p.m.28 views

Facial recognition: tech giants take a step back

Last week, a few major tech companies informed the public that they will not provide facial recognition software to law enforcement. These companies are concerned about the way in which their technology might be used. What happens when software that threatens our privacy falls into the hands of...

6.7AI score
Exploits0
CNVD
CNVD
added 2018/01/05 12:0 a.m.5 views

gps-server.net GPS Tracking Software (self hosted) Remote Code Execution Vulnerability

gps-server.net GPS Tracking Software self hosted is a GPS location tracking program. The program is able to manage tracking history, reports, events, notifications and more. A security vulnerability exists in the 'writeLog' function in the fncommon.php file in gps-server.net GPS Tracking Software...

9.8CVSS7.1AI score0.06642EPSS
Exploits5References1
exploitpack
exploitpack
added 2018/01/05 12:0 a.m.55 views

gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities

gps-server.net GPS Tracking Software 3.1 - Multiple Vulnerabilities Exploit Title: GPS-SERVER.NET SAAS CMS Unfortunately each and every POST request in the CMS is going through function mysqlrealescapestring which will add slashes behind every quote in the payload. So you have to make sure your...

7.5CVSS0.5AI score0.06946EPSS
Exploits6
OSV
OSV
added 2018/01/02 3:29 p.m.4 views

CVE-2017-17097

gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...

9.8CVSS5.8AI score0.06946EPSS
Exploits5References3
NVD
NVD
added 2018/01/02 3:29 p.m.27 views

CVE-2017-17097

gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...

9.8CVSS9.5AI score0.06946EPSS
Exploits5References3
NVD
NVD
added 2018/01/02 3:29 p.m.26 views

CVE-2017-17098

The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

9.8CVSS9.3AI score0.06642EPSS
Exploits5References3
Prion
Prion
added 2018/01/02 3:29 p.m.17 views

Cross site request forgery (csrf)

gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...

5CVSS9.5AI score0.06946EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2018/01/02 3:29 p.m.4 views

CVE-2017-17098

The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

9.8CVSS6AI score0.06642EPSS
Exploits5References3
Prion
Prion
added 2018/01/02 3:29 p.m.22 views

Cross site request forgery (csrf)

The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

7.5CVSS9.3AI score0.06642EPSS
Exploits5References3Affected Software1
Cvelist
Cvelist
added 2018/01/02 3:0 p.m.38 views

CVE-2017-17098

The writeLog function in fncommon.php in gps-server.net GPS Tracking Software self hosted through 3.0 allows remote attackers to inject arbitrary PHP code via a crafted request that is mishandled during admin log viewing, as demonstrated by in a login request...

9.4AI score0.06642EPSS
Exploits5References3
Cvelist
Cvelist
added 2018/01/02 3:0 p.m.33 views

CVE-2017-17097

gps-server.net GPS Tracking Software self hosted 2.x has a password reset procedure that immediately resets passwords upon an unauthenticated request, and then sends e-mail with a predictable date-based password to the admin, which makes it easier for remote attackers to obtain access by predicti...

9.6AI score0.06946EPSS
Exploits5References3
CVE
CVE
added 2018/01/02 3:0 p.m.67 views

CVE-2017-17098

CVE-2017-17098 affects gps-server.net GPS Tracking Software (self hosted) up to version 3.0. The vulnerability is in the writeLog function in fn_common.php, where crafted input logged during admin log viewing can cause remote code execution by injecting PHP code (example: in a login request). Co...

9.8CVSS9.3AI score0.06642EPSS
Exploits5References3Affected Software1
Rows per page
Query Builder