29 matches found

Packet Storm
added 2025/03/26 12:0 a.m., 301 views

Eramba Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...

8.8 CVSS, 8.5 AI score, 0.57359 EPSS
Exploits: 6

0day.today
added 2023/08/01 12:0 a.m., 361 views

Eramba 3.19.1 Remote Command Execution Exploit

Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community edition Vendor: Eramba Limited,...

8.8 CVSS, 7.1 AI score, 0.57359 EPSS
Exploits: 6

Packet Storm
added 2023/08/01 12:0 a.m., 283 views

Eramba 3.19.1 Remote Command Execution

Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...

7.1 AI score, 0.57359 EPSS
Exploits: 6

0day.today
added 2023/01/30 12:0 a.m., 256 views

Micro Focus GroupWise Session ID Disclosure Vulnerability

Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the...

4.3 CVSS, 4.7 AI score, 0.00844 EPSS
Exploits: 2

Packet Storm
added 2023/01/27 12:0 a.m., 290 views

Micro Focus GroupWise Session ID Disclosure

Trovent Security Advisory 2203-01 Micro Focus GroupWise transmits session ID in URL Overview Advisory ID: TRSA-2203-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2203-01 Affected product: Micro Focus GroupWise Affected version: prior to 18.4.2...

4.3 CVSS, 4.8 AI score, 0.00844 EPSS
Exploits: 2

0day.today
added 2022/08/19 12:0 a.m., 371 views

Polar Flow Android 5.7.1 Secret Disclosure Vulnerability

Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application fi.polar.polarflow Affected version: 5.7.1...

7.4 AI score
Exploits: 0

Packet Storm
added 2022/08/18 12:0 a.m., 315 views

Polar Flow Android 5.7.1 Secret Disclosure

Trovent Security Advisory 2110-01 Insecure data storage in Polar Flow Android application Overview Advisory ID: TRSA-2110-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2110-01 Affected product: Polar Flow Android mobile application...

7.4 AI score
Exploits: 0

Packet Storm
added 2022/04/27 12:0 a.m., 225 views

Zepp 6.1.4-play User Account Enumeration

Trovent Security Advisory 2108-02 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application...

7.4 AI score
Exploits: 0

0day.today
added 2022/04/27 12:0 a.m., 237 views

Zepp 6.1.4-play User Account Enumeration Vulnerability

Zepp 6.1.4-play User Account Enumeration User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application com.huami.watch.hmwatchmanager Tested...

0.2 AI score
Exploits: 0

0day.today
added 2022/02/03 12:0 a.m., 227 views

Vivellio 1.2.1 User Account Enumeration Vulnerability

Vivellio version 1.2.1 suffers from a user account enumeration vulnerability. User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...

0.5 AI score
Exploits: 0

Packet Storm
added 2022/02/03 12:0 a.m., 228 views

Vivellio 1.2.1 User Account Enumeration

Trovent Security Advisory 2108-01 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...

0.1 AI score
Exploits: 0

0day.today
added 2021/12/15 12:0 a.m., 429 views

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability

OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...

6.8 CVSS, 0.4 AI score, 0.13653 EPSS
Exploits: 3

Packet Storm
added 2021/12/15 12:0 a.m., 473 views

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection

Trovent Security Advisory 2109-01 Authenticated SQL injection in OpenEMR calendar search Overview Advisory ID: TRSA-2109-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2109-01 Affected product: OpenEMR web application Tested versions: 6.0.0,...

0.1 AI score, 0.13653 EPSS
Exploits: 3

0day.today
added 2021/11/10 12:0 a.m., 344 views

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting Vulnerability

Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits:...

6.1 CVSS, 6.4 AI score, 0.79282 EPSS
Exploits: 3

0day.today
added 2021/11/10 12:0 a.m., 444 views

Dolibarr ERP / CRM 13.0.2 Remote Code Execution Vulnerability

Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits: Trovent Security GmbH, Nick Decker Detailed...

9.8 CVSS, 9.2 AI score, 0.03815 EPSS
Exploits: 3

Packet Storm
added 2021/11/10 12:0 a.m., 619 views

Dolibarr ERP / CRM 13.0.2 Remote Code Execution

Trovent Security Advisory 2106-01 Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2106-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2106-01 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr...

9.2 AI score, 0.03815 EPSS
Exploits: 3

Packet Storm
added 2021/11/10 12:0 a.m., 549 views

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting

Trovent Security Advisory 2105-02 Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2105-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2...

6.4 AI score, 0.79282 EPSS
Exploits: 3

0day.today
added 2021/11/06 12:0 a.m., 394 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy Vulnerability

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checke...

7.1 AI score
Exploits: 0

Packet Storm
added 2021/11/05 12:0 a.m., 417 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy

Trovent Security Advisory 2104-03 Missing server-side password policy Overview Advisory ID: TRSA-2104-03 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-03 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...

7.1 AI score
Exploits: 0

Packet Storm
added 2021/06/17 12:0 a.m., 362 views

VeryFitPro 3.2.8 Insecure Transit

Trovent Security Advisory 2105-01 Unencrypted cleartext transmission of sensitive information Overview Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application...

0.1 AI score, 0.01094 EPSS
Exploits: 3