Lucene search
K

67 matches found

Prion
Prion
added 2023/10/16 8:15 p.m.19 views

Path traversal

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...

5CVSS5.2AI score0.00545EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2023/10/16 7:38 p.m.26 views

CVE-2023-5177 Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure

The Vrm 360 3D Model Viewer WordPress plugin through 1.2.1 exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode...

5.6AI score0.00545EPSS
Exploits2References1
CVE
CVE
added 2023/10/16 7:38 p.m.56 views

CVE-2023-5177

CVE-2023-5177 affects the Vrm 360 3D Model Viewer WordPress plugin (

5.3CVSS5.6AI score0.00545EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/10/16 12:0 a.m.5 views

WordPress plugin Vrm 360 3D Model Viewer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

5.3CVSS6.8AI score0.00545EPSS
Exploits2References2
Patchstack
Patchstack
added 2023/09/26 12:0 a.m.11 views

WordPress Vrm 360 3D Model Viewer Plugin <= 1.2.1 is vulnerable to Sensitive Data Exposure

Software Vrm 360 3D Model Viewer Type Plugin Vulnerable versions = 1.2.1 Fixed in N/A OWASP Top 10 A5: Security Misconfiguration Classification Sensitive Data Exposure CVE CVE-2023-5177 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 41f6e6c8c32c Credits Jonatas Souza Vill...

5.3CVSS6.9AI score0.00545EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2023/09/25 12:0 a.m.167 views

Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure

Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a non-existent...

5.3CVSS5.4AI score0.00545EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/09/25 12:0 a.m.22 views

Vrm 360 3D Model Viewer <= 1.2.1 - Full Path Disclosure

Description The plugin exposes the full path of a file when putting in a non-existent file in a parameter of the shortcode. PoC 1. Create a page 2. Place the shortcode vrm360 canvasname=s1 modelurl=SACharacter.zip aspectratio=1.8 initialoffset=0.9 on the page SACharacter.zip should be a...

5.3CVSS5.3AI score0.00545EPSS
Exploits2
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 10:7 p.m.36 views

Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control (CVE-2019-15606, CVE-2019-15604, CVE-2019-15605)

Summary Node.js is vulnerable to security bypass, denial of service and HTTP request smuggling. These vulnerabilities affect IBM Spectrum Control. Vulnerability Details CVEID: CVE-2019-15606 DESCRIPTION: Node.js could allow a remote attacker to bypass security restrictions, caused by an issue whe...

9.8CVSS8.9AI score0.57132EPSS
Exploits2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2022/03/23 10:7 p.m.25 views

Security Bulletin: Vulnerability in WebSphere Application Server Liberty affects IBM Spectrum Control (CVE-2020-4329)

Summary WebSphere Application Server Liberty could allow a remote, authenticated attacker to obtain sensitive information caused by improper paramater checking which affects IBM Spectrum Control. Vulnerability Details CVEID: CVE-2020-4329 DESCRIPTION: IBM WebSphere Application Server 7.0, 8.0, 8....

4.3CVSS4.5AI score0.0112EPSS
Exploits0Affected Software1
OSV
OSV
added 2021/12/08 10:15 p.m.6 views

CVE-2021-23859

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local...

7.5CVSS5.8AI score0.00972EPSS
Exploits0References1
NVD
NVD
added 2021/12/08 10:15 p.m.36 views

CVE-2021-23861

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

6.5CVSS0.00799EPSS
Exploits0References1
OSV
OSV
added 2021/12/08 10:15 p.m.5 views

CVE-2021-23860

An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

6.1CVSS5.2AI score0.00495EPSS
Exploits0References1
NVD
NVD
added 2021/12/08 10:15 p.m.36 views

CVE-2021-23862

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder VJD-7513 and VJD-8000...

9CVSS0.01393EPSS
Exploits0References1
OSV
OSV
added 2021/12/08 10:15 p.m.4 views

CVE-2021-23861

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

6.5CVSS6.7AI score
Exploits0References1
NVD
NVD
added 2021/12/08 10:15 p.m.21 views

CVE-2021-23859

An unauthenticated attacker is able to send a special HTTP request, that causes a service to crash. In case of a standalone VRM or BVMS with VRM installation this crash also opens the possibility to send further unauthenticated commands to the service. On some products the interface is only local...

9.1CVSS0.00972EPSS
Exploits0References1
NVD
NVD
added 2021/12/08 10:15 p.m.31 views

CVE-2021-23860

An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

6.1CVSS0.00495EPSS
Exploits0References1
Prion
Prion
added 2021/12/08 10:15 p.m.27 views

Design/Logic Flaw

By executing a special command, an user with administrative rights can get access to extended debug functionality on the VRM allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

5.5CVSS6.5AI score0.00799EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/12/08 10:15 p.m.17 views

Cross site scripting

An error in a page handler of the VRM may lead to a reflected cross site scripting XSS in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...

4.3CVSS5.9AI score0.00495EPSS
Exploits0References1Affected Software2
Prion
Prion
added 2021/12/08 10:15 p.m.16 views

Design/Logic Flaw

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder VJD-7513 and VJD-8000...

9CVSS7.2AI score0.01393EPSS
Exploits0References1Affected Software4
Cvelist
Cvelist
added 2021/12/08 9:17 p.m.33 views

CVE-2021-23862 Authenticated Remote Code Execution

A crafted configuration packet sent by an authenticated administrative user can be used to execute arbitrary commands in system context. This issue also affects installations of the VRM, DIVAR IP, BVMS with VRM installed, the VIDEOJET decoder VJD-7513 and VJD-8000...

7.2CVSS7.5AI score0.01393EPSS
Exploits0References1
Rows per page
Query Builder