Lucene search
+L

107 matches found

OSV
OSV
added 2022/11/11 11:4 a.m.6 views

OESA-2022-2073 ganglia security update

Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. Security Fixes: ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter.CVE-2019-20378 ganglia-web a...

6.1CVSS6.5AI score0.01014EPSS
Exploits2References3
Snyk
Snyk
added 2022/09/13 8:13 a.m.3 views

Malicious Package

Overview common-web-frontend-styling is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if th...

9.8CVSS7.1AI score
Exploits0References3
OSV
OSV
added 2022/06/27 9:15 p.m.5 views

UBUNTU-CVE-2022-31086

LDAP Account Manager LAM is a webfrontend for managing entries e.g. users, groups, DHCP settings stored in an LDAP directory. In versions prior to 8.0 incorrect regular expressions allow to upload PHP scripts to config/templates/pdf. This vulnerability could lead to a Remote Code Execution if the...

8.8CVSS6.9AI score0.02165EPSS
Exploits0References4
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:22 p.m.3 views

Malicious code in web-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6072960685ef2154e26a6d650399a02fc1bc892374cd849d71cb5324f6ae4b51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:22 p.m.5 views

MAL-2022-7069 Malicious code in web-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6072960685ef2154e26a6d650399a02fc1bc892374cd849d71cb5324f6ae4b51 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:15 p.m.3 views

Malicious code in @ch-post-common/common-web-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909faab73232acee1d72b62ae9370a819f55eb8de3c14ac9b8c3993d381dd54c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:15 p.m.5 views

MAL-2022-166 Malicious code in @ch-post-common/common-web-frontend (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 909faab73232acee1d72b62ae9370a819f55eb8de3c14ac9b8c3993d381dd54c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
NVD
NVD
added 2022/04/15 7:15 p.m.24 views

CVE-2022-24851

LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...

8.1CVSS0.01086EPSS
Exploits1References4
OSV
OSV
added 2022/04/15 6:45 p.m.21 views

CVE-2022-24851 Stored XSS and path traversal in LDAPAccountManager/lam

LDAP Account Manager LAM is an open source web frontend for managing entries stored in an LDAP directory. The profile editor tool has an edit profile functionality, the parameters on this page are not properly sanitized and hence leads to stored XSS attacks. An authenticated user can store XSS...

8.1CVSS6.7AI score0.01086EPSS
Exploits1References6
CVE
CVE
added 2022/04/15 6:45 p.m.101 views

CVE-2022-24851

CVE-2022-24851 affects LDAP Account Manager (LAM). The stored XSS flaws occur in the profile editor (edit profile) and in the pdf editor (logoFile path handling), with attacker-controlled payloads when logged into the LAM admin interface. Both issues require an authenticated admin user to exploit...

8.1CVSS4.9AI score0.01086EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2022/03/12 11:3 a.m.8 views

OESA-2022-1568 ganglia security update

Ganglia is a scalable, real-time monitoring and execution environment with all execution requests and statistics expressed in an open well-defined XML format. Security Fixes: ganglia-web aka Ganglia Web Frontend through 3.7.5 allows XSS via the header.php ce parameter.CVE-2019-20378 ganglia-web a...

6.1CVSS6.5AI score0.01014EPSS
Exploits2References3
Check Point Advisories
Check Point Advisories
added 2022/03/02 12:0 a.m.29 views

Zabbix Web Frontend Authentication Bypass (CVE-2022-23131)

An authentication bypass vulnerability exists in Zabbix Web Frontend. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

5.1CVSS5.4AI score0.95683EPSS
Exploits9
Check Point Advisories
Check Point Advisories
added 2022/03/02 12:0 a.m.23 views

Zabbix Web Frontend Authentication Bypass (CVE-2022-23134)

An authentication bypass vulnerability exists in Zabbix Web Frontend. Successful exploitation of this vulnerability would allow remote attackers to obtain sensitive information and gain unauthorized access into the affected system...

5CVSS5.4AI score0.84657EPSS
Exploits1
hivepro
hivepro
added 2022/02/24 10:27 a.m.92 views

Zabbix affected by two actively exploited vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here Multiple security vulnerabilities have been discovered in Zabbix open-source network traffic monitoring software Web Frontend component while implementing client-side sessions storage and are being actively exploited as per...

5.1CVSS1.5AI score0.95683EPSS
Exploits10
OSV
OSV
added 2020/08/17 2:15 p.m.3 views

CVE-2020-12606

An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xpcmdshell stored...

9.8CVSS7.5AI score0.03388EPSS
Exploits0References1
Prion
Prion
added 2020/08/17 2:15 p.m.12 views

Sql injection

An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xpcmdshell stored...

7.5CVSS9.7AI score0.03388EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2020/06/30 6:15 p.m.4 views

CVE-2020-15307

Nozomi Guardian before 19.0.4 allows attackers to achieve stored XSS in the web front end by leveraging the ability to create a custom field with a crafted field name...

6.1CVSS5.8AI score0.00686EPSS
Exploits1References1
OSV
OSV
added 2020/05/07 9:15 p.m.3 views

CVE-2020-10795

Gira TKS-IP-Gateway 4.0.7.7 is vulnerable to authenticated remote code execution via the backup functionality of the web frontend. This can be combined with CVE-2020-10794 for remote root access...

7.2CVSS7.6AI score0.03808EPSS
Exploits1References1
OSV
OSV
added 2020/05/07 9:15 p.m.3 views

CVE-2020-9474

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

8.8CVSS7.8AI score0.01945EPSS
Exploits1References1
NVD
NVD
added 2020/05/07 9:15 p.m.14 views

CVE-2020-9474

The S. Siedle & Soehne SG 150-0 Smart Gateway before 1.2.4 allows remote code execution via the backup functionality in the web frontend. By using an exploit chain, an attacker with access to the network can get root access on the gateway...

9CVSS9AI score0.01945EPSS
Exploits1References1
Rows per page
Query Builder