Lucene search
K

19 matches found

Packet Storm
Packet Storm
added 2025/03/26 12:0 a.m.307 views

Eramba Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in Eramba. An authenticated user can execute arbitrary commands on the server by exploiting the path parameter in the download-test-pdf endpoint. Eramba debug mode has to be enabled. Versions up to 3.19.1 are affected. This...

8.8CVSS8.5AI score0.57359EPSS
Exploits6
Packet Storm
Packet Storm
added 2023/08/01 12:0 a.m.284 views

Eramba 3.19.1 Remote Command Execution

Trovent Security Advisory 2303-01 Authenticated remote code execution in Eramba Overview Advisory ID: TRSA-2303-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2303-01 Affected product: Eramba Affected version: 3.19.1 Enterprise and Community...

7.1AI score0.57359EPSS
Exploits6
0day.today
0day.today
added 2023/01/30 12:0 a.m.258 views

Micro Focus GroupWise Session ID Disclosure Vulnerability

Micro Focus GroupWise is a messaging software for email and personal information management. Trovent Security GmbH discovered that the GroupWise web application transmits the session ID in HTTP GET requests in the URL when email content is accessed. The exposed session ID can be recorded in the...

4.3CVSS4.7AI score0.00844EPSS
Exploits2
0day.today
0day.today
added 2022/04/27 12:0 a.m.238 views

Zepp 6.1.4-play User Account Enumeration Vulnerability

Zepp 6.1.4-play User Account Enumeration User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application com.huami.watch.hmwatchmanager Tested...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2022/04/27 12:0 a.m.226 views

Zepp 6.1.4-play User Account Enumeration

Trovent Security Advisory 2108-02 User account enumeration in password reset function Overview Advisory ID: TRSA-2108-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-02 Affected product: Zepp Android mobile application...

7.4AI score
Exploits0
0day.today
0day.today
added 2022/02/03 12:0 a.m.227 views

Vivellio 1.2.1 User Account Enumeration Vulnerability

Vivellio version 1.2.1 suffers from a user account enumeration vulnerability. User account enumeration in password reset function Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2108-01 Affected product: Vivellio Android mobile application...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/12/15 12:0 a.m.431 views

OpenEMR 6.0.0 / 6.1.0-dev SQL Injection Vulnerability

OpenEMR versions 6.0.0 and 6.1.0-dev suffer from an authenticated remote SQL injection vulnerability in the calendar search functionality. Authenticated SQL injection in OpenEMR calendar search Overview Advisory version: 1.0 Advisory status: Public Advisory URL:...

6.8CVSS0.4AI score0.13653EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/10 12:0 a.m.622 views

Dolibarr ERP / CRM 13.0.2 Remote Code Execution

Trovent Security Advisory 2106-01 Authenticated remote code execution in Dolibarr ERP & CRM Overview Advisory ID: TRSA-2106-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2106-01 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr...

9.2AI score0.03815EPSS
Exploits3
0day.today
0day.today
added 2021/11/10 12:0 a.m.350 views

Dolibarr ERP / CRM 13.0.2 Cross Site Scripting Vulnerability

Stored cross-site scripting in Dolibarr ERP & CRM Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-02 Affected product: Dolibarr ERP & CRM Tested versions: Dolibarr 13.0.2 Vendor: Dolibarr foundation, https://www.dolibarr.org Credits:...

6.1CVSS6.4AI score0.79282EPSS
Exploits3
0day.today
0day.today
added 2021/11/06 12:0 a.m.399 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy Vulnerability

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 are missing a server-side password policy. When creating an account or changing your password the mobile and web application both check the password against the password policy. But the API assumes that the given password is already checke...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.419 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Missing Password Policy

Trovent Security Advisory 2104-03 Missing server-side password policy Overview Advisory ID: TRSA-2104-03 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-03 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested...

7.1AI score
Exploits0
Packet Storm
Packet Storm
added 2021/06/17 12:0 a.m.363 views

VeryFitPro 3.2.8 Insecure Transit

Trovent Security Advisory 2105-01 Unencrypted cleartext transmission of sensitive information Overview Advisory ID: TRSA-2105-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2105-01 Affected product: VeryFitPro Android mobile application...

0.1AI score0.01094EPSS
Exploits3
0day.today
0day.today
added 2021/06/04 12:0 a.m.39 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 User Enumeration Vulnerability

User enumeration through API Overview Advisory ID: TRSA-2104-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2104-01 Affected product: HealthForYou & Sanitas HealthCoach mobile and web applications Tested versions: HealthForYou 1.11.1...

7.4AI score
Exploits0
0day.today
0day.today
added 2021/06/04 12:0 a.m.46 views

HealthForYou 1.11.1 / HealthCoach 2.9.2 Account Takeover Vulnerability

HealthForYou version 1.11.1 and HealthCoach version 2.9.2 have a vulnerability that allows for account takeover with only prior knowledge of the user's email address needed. Account takeover with only email address possible Overview Advisory ID: TRSA-2104-02 Advisory version: 1.0 Advisory status:...

Exploits0
0day.today
0day.today
added 2021/05/12 12:0 a.m.38 views

ERPNext 12.18.0 / 13.0.0 Cross Site Scripting Vulnerability

Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-02 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta Vendor: Frappé Technologies https://frappe.io Credits: Troven...

0.1AI score
Exploits0
0day.today
0day.today
added 2021/05/12 12:0 a.m.202 views

ERPNext 12.18.0 / 13.0.0 SQL Injection Vulnerability

Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta Vendor: Frappé Technologies https://frappe.io Credits: Trovent...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/11 12:0 a.m.734 views

ERPNext 12.18.0 / 13.0.0 SQL Injection

Trovent Security Advisory 2103-01 Authenticated SQL injection in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-01 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/05/11 12:0 a.m.397 views

ERPNext 12.18.0 / 13.0.0 Cross Site Scripting

Trovent Security Advisory 2103-02 Multiple XSS vulnerabilities in ERPNext 13.0.0/12.18.0 Overview Advisory ID: TRSA-2103-02 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2103-02 Affected product: ERPNext Tested versions: 12.18.0 and 13.0.0 beta...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/01/07 12:0 a.m.401 views

Rocket.Chat 3.7.1 Email Address Enumeration

Trovent Security Advisory 2010-01 Email address enumeration in reset password Overview Advisory ID: TRSA-2010-01 Advisory version: 1.0 Advisory status: Public Advisory URL: https://trovent.io/security-advisory-2010-01 Affected product: Web application Rocket.Chat Affected version: = 3.7.1 Vendor:...

5.4AI score0.11419EPSS
Exploits2
Rows per page
Query Builder