Lucene search
K

43 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-1966

Malware in sbrugna...

9.8CVSS9.5AI score0.02346EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2018-1959

Malware in sbrugna...

7.8CVSS7.6AI score0.02218EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1965

Malware in sbrugna...

7.2CVSS7AI score0.01856EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1962

Malware in sbrugna...

9.8CVSS9.5AI score0.02281EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1961

Malware in sbrugna...

9.8CVSS9.5AI score0.02848EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2018-1964

Malware in sbrugna...

6.1CVSS6.3AI score0.01277EPSS
Exploits0References2
OSV
OSV
added 2018/12/28 4:29 p.m.5 views

CVE-2018-1000628

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "" to the end of "key" in the URL when accessing API functions...

9.8CVSS5.9AI score0.02848EPSS
Exploits0References1
OSV
OSV
added 2018/12/28 4:29 p.m.2 views

CVE-2018-1000630

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete...

7.2CVSS5.9AI score0.01856EPSS
Exploits0References1
OSV
OSV
added 2018/12/28 4:29 p.m.3 views

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or loginusername parameter in a...

6.1CVSS5.8AI score0.01277EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.18 views

CVE-2018-1000627

Battelle V2I Hub 2.5.1 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict access to the API key file. An attacker could exploit this vulnerability to obtain the current API key to gain unauthorized access to the system...

9.8CVSS9.4AI score0.02281EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.9 views

CVE-2018-1000624

Battelle V2I Hub 2.5.1 is vulnerable to a denial of service, caused by the failure to restrict access to a sensitive functionality. By visiting http://V2IHUB/UI/powerdown.php, a remote attacker could exploit this vulnerability to shut down the system...

7.8CVSS7.5AI score0.02218EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.24 views

CVE-2018-1000628

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "" to the end of "key" in the URL when accessing API functions...

9.8CVSS9.6AI score0.02848EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.13 views

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

10CVSS9.5AI score0.0228EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.12 views

CVE-2018-1000631

Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::userinfo function, which could allow the attacker to view, add, modify or delete information in the back-end database...

9.8CVSS9.7AI score0.02346EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.11 views

CVE-2018-1000630

Battelle V2I Hub 2.5.1 is vulnerable to SQL injection. A remote authenticated attacker could send specially-crafted SQL statements to /api/PluginStatusActions.php and /status/pluginStatus.php using the jtSorting or id parameter, which could allow the attacker to view, add, modify or delete...

7.2CVSS7.1AI score0.01856EPSS
Exploits0References1
OSV
OSV
added 2018/12/28 4:29 p.m.3 views

CVE-2018-1000631

Battelle V2I Hub 3.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the tmx/TmxCtl/src/lib/PluginStatus.cpp and TmxControl::userinfo function, which could allow the attacker to view, add, modify or delete information in the back-end database...

9.8CVSS5.9AI score0.02346EPSS
Exploits0References1
OSV
OSV
added 2018/12/28 4:29 p.m.8 views

CVE-2018-1000625

Battelle V2I Hub 2.5.1 contains hard-coded credentials for the administrative account. An attacker could exploit this vulnerability to log in as an admin on any installation and gain unauthorized access to the system...

9.8CVSS5.8AI score0.0228EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.13 views

CVE-2018-1000626

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the lack of requirement to change the default API key. An attacker could exploit this vulnerability using all available API functions containing an unchanged API key to gain unauthorized access to the...

9.8CVSS9.6AI score0.02848EPSS
Exploits0References1
NVD
NVD
added 2018/12/28 4:29 p.m.17 views

CVE-2018-1000629

Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. A remote attacker could exploit this vulnerability using the parameterName or loginusername parameter in a...

6.1CVSS6.4AI score0.01277EPSS
Exploits0References1
Prion
Prion
added 2018/12/28 4:29 p.m.16 views

Security feature bypass

Battelle V2I Hub 2.5.1 could allow a remote attacker to bypass security restrictions, caused by the direct checking of the API key against a user-supplied value in PHP's GET global variable array using PHP's strcmp function. By adding "" to the end of "key" in the URL when accessing API functions...

7.5CVSS9.4AI score0.02848EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder