45 matches found
EUVD-2020-10658
Malware in sbrugna...
EUVD-2020-13295
Malware in sbrugna...
CVE-2023-24323
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability...
CVE-2022-29767
adbyby v2.7 allows external users to make connections via port 8118. This can cause a program logic error and lead to a Denial of Service (DoS) via high CPU usage due to a large number of connections...
CVE-2024-51243
The eladmin v2.7 and before contains a remote code execution (RCE) vulnerability that can control all application deployment servers of this management system via DeployController.java...
CVE-2024-51243
The vulnerability CVE-2024-51243 affects eladmin v2.7 and earlier. Concretely, an RCE exists that can allow an attacker to control all application deployment servers through DeployController.java. The Red Hat and other adapters corroborate the same root cause. No exploitation details or fix/versi...
CVE-2024-44676
eladmin v2.7 and before is vulnerable to Cross Site Scripting (XSS) which allows an attacker to execute arbitrary code via LocalStoreController.java...
CVE-2024-44677
eladmin v2.7 and before is vulnerable to Server-Side Request Forgery (SSRF) which allows an attacker to execute arbitrary code via the DatabaseController.java component...
CVE-2024-44677
Summary (CVE-2024-44677) eladmin v2.7 and earlier is vulnerable to Server-Side Request Forgery (SSRF) via the DatabaseController.java component, enabling an attacker to execute arbitrary code. This aligns with Red Hat and CVE records describing a high-severity, network-based impact with no privil...
CVE-2024-44676
CVE-2024-44676 affects eladmin v2.7 and earlier. The vulnerability is described as a Cross Site Scripting (XSS) flaw that allows an attacker to execute arbitrary code via LocalStoreController.java. Public documents provide multiple attestations of this issue (NVD/NVD-derived metrics and Red Hat/O...
Privilege escalation
Welcart e-Commerce versions 2.7 to 2.8.21 allows a user with editor or higher privilege to upload an arbitrary file to an unauthorized directory...
XXE
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability...
CVE-2023-24323
Summary (CVE-2023-24323): Mojoportal v2.7 is affected by an authenticated XML External Entity (XXE) injection vulnerability. The issue affects the Mojoportal web application (version 2.7) and involves an XXE in the XML processing path. According to the CVE records, the CVSS v3.1 base score is 8.8...