23 matches found
CVE-2019-20483
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...
CVE-2019-20484
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in...
EUVD-2019-11028
Malware in sbrugna...
EUVD-2019-6192
Malware in sbrugna...
EUVD-2019-11027
Malware in sbrugna...
CVE-2019-15123
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site...
Viki Solutions Viki Vera Cross-Site Scripting Vulnerability
Viki Solutions Viki Vera is a suite of workflow customization platforms from Canadian company Viki Solutions. The platform supports file uploading, job management, and other features. A security vulnerability exists in Viki Vera 4.9.1.26180, which can be exploited by an attacker to set a user's...
Viki Solutions Viki Vera Access Control Error Vulnerability
Viki Solutions Viki Vera is a suite of workflow customization platforms from Canadian company Viki Solutions. The platform supports file uploading, job management, and other features. An access control error vulnerability exists in Viki Vera version 4.9.1.26180, which is related to the affected...
CVE-2019-20484
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in...
CVE-2019-20483
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...
CVE-2019-20483
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...
Cross site scripting
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...
CVE-2019-20484
An issue was discovered in Viki Vera 4.9.1.26180. A user without access to a project could download or upload project files by opening the Project URL directly in the browser after logging in...
CVE-2019-20484
CVE-2019-20484 affects Viki Vera 4.9.1.26180. A user who is not granted access to a project can download or upload project files by directly opening the Project URL in a browser after logging in. The Red Hat and CNVD entries corroborate the same access-control flaw, indicating an improper restric...
CVE-2019-20483
An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...
CVE-2019-20483
The CVE-2019-20483 entry concerns Viki Vera version 4.9.1.26180. The vulnerability allows an attacker to set a user’s last name to an XSS payload, which can be used to read another user’s cookie and impersonate the user by using that cookie to log in. This is described across multiple connected s...
Viki Solutions Viki Vera 跨站脚本漏洞
Viki Solutions Viki Vera is a suite of workflow customization platforms from Canadian company Viki Solutions. The platform supports file uploading, job management, and other features. A security vulnerability exists in Viki Vera 4.9.1.26180, which can be exploited by an attacker to set a user's...
Viki Solutions Viki Vera 访问控制错误漏洞
Viki Solutions Viki Vera is a suite of workflow customization platforms from Canadian company Viki Solutions. The platform supports file uploading, job management, and other features. An access control error vulnerability exists in Viki Vera version 4.9.1.26180, which is related to the affected...
Viki Solutions Viki Vera Code Execution Vulnerability
Viki Solutions Viki Vera is a workflow customization platform from Viki Solutions Canada. The platform supports file uploading, job management, etc. Branding Module is one of the branding modules. A security vulnerability exists in the Branding Module in Viki Solutions Viki Vera version...
CVE-2019-15123
The Branding Module in Viki Vera 4.9.1.26180 allows an authenticated user to change the logo on the website. An attacker could use this to upload a malicious .aspx file and gain Remote Code Execution on the site...