Lucene search
K

2224 matches found

Talos
Talos
added 2020/11/03 12:0 a.m.58 views

Moxa MXView series installation privilege escalation vulnerability

Talos Vulnerability Report TALOS-2020-1148 Moxa MXView series installation privilege escalation vulnerability November 3, 2020 CVE Number CVE-2020-13537,CVE-2020-13536 SUMMARY Multiple exploitable local privilege elevation vulnerabilities exist in the file system permissions of Moxa MXView series...

9.3CVSS8.4AI score0.00544EPSS
Exploits2
Talos
Talos
added 2020/10/30 12:0 a.m.225 views

Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability

Talos Vulnerability Report TALOS-2020-1086 Synology SRM web interface session cookie HttpOnly flag information disclosure vulnerability October 30, 2020 CVE Number CVE-2020-27658 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality o...

7.1CVSS6.3AI score0.01297EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.64 views

Synology SRM lbd service Command Execution Vulnerability

Summary An exploitable command execution vulnerability exists in the lbd service functionality of Qualcomm lbd 1.1, as present in Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted debug command can overwrite arbitrary files with controllable content, resulting in remote code execution. An...

9.8CVSS10AI score0.20075EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.41 views

Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1059 Synology SRM web interface session cookie secure flag Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27651 SUMMARY An exploitable information disclosure vulnerability exists in the web interface session cookie functionality of...

8.1CVSS6.5AI score0.00762EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.181 views

Synology QuickConnect servers network misconfiguration vulnerability

Summary An exploitable network misconfiguration vulnerability exists in the VPN servers of Synology QuickConnect. The server does not enforce proper subnetting, allowing an attacker to reach any device connected to the VPN. To abuse this vulnerability, the attacker needs to change their subnet...

7.9AI score
Exploits0
Talos
Talos
added 2020/10/29 12:0 a.m.108 views

Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1060 Synology QuickConnect servers HTTP redirection Information Disclosure Vulnerability October 29, 2020 CVE Number None SUMMARY An exploitable information disclosure vulnerability exists in the HTTP redirection functionality of Synology QuickConnect servers...

6.9AI score
Exploits0
Talos
Talos
added 2020/10/29 12:0 a.m.110 views

Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1061 Synology SRM QuickConnect HTTP connection Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27653 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect HTTP connection functionality of Synology SRM...

8.3CVSS7.7AI score0.00822EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.113 views

Synology SRM QuickConnect authentication Information Disclosure Vulnerability

Talos Vulnerability Report TALOS-2020-1058 Synology SRM QuickConnect authentication Information Disclosure Vulnerability October 29, 2020 CVE Number CVE-2020-27649 SUMMARY An exploitable information disclosure vulnerability exists in the QuickConnect authentication functionality of Synology SRM...

9CVSS9AI score0.00711EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.87 views

Synology SRM QuickConnect iptables network misconfiguration vulnerability

Summary An exploitable network misconfiguration vulnerability exists in the QuickConnect iptables functionality of Synology SRM 1.2.3 RT2600ac 8017-5. Packets originating from the QuickConnect VPN interface are not filtered, resulting in unrestricted communication with any network service running...

10CVSS8.3AI score0.01745EPSS
Exploits1
Talos
Talos
added 2020/10/29 12:0 a.m.115 views

Synology SRM dnsExit DDNS provider information disclosure vulnerability

Summary An information disclosure vulnerability exists in the dnsExit DDNS provider functionality of Synology SRM 1.2.3 RT2600ac 8017-5. A specially crafted man-in-the-middle attack can steal the dnsExit credentials to take over the registered subdomain. An attacker can impersonate the remote...

5AI score
Exploits0
Talos
Talos
added 2020/10/22 12:0 a.m.33 views

Google Chrome DrawElementsInstanced information leak vulnerability

Talos Vulnerability Report TALOS-2020-1123 Google Chrome DrawElementsInstanced information leak vulnerability October 22, 2020 CVE Number CVE-2020-6555 SUMMARY An information disclosure vulnerability exists in the WebGL functionality of Google Chrome 83.0.4103.116 Stable 64-bit and 86.0.4198.0...

7.6CVSS7.6AI score0.02157EPSS
Exploits1
Talos
Talos
added 2020/10/20 12:0 a.m.57 views

Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability

Talos Vulnerability Report TALOS-2020-1127 Google Chrome WebGL Buffer11::getBufferStorage Code Execution Vulnerability October 20, 2020 CVE Number CVE-2020-6542 SUMMARY A code execution vulnerability exists in the WebGL functionality of Google Chrome 84.0.4147.89 and 85.0.4169.0 Developer Build...

8.8CVSS8.6AI score0.02028EPSS
Exploits0
Talos
Talos
added 2020/10/14 12:0 a.m.36 views

F2fs-Tools F2fs.Fsck dev_read Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the devread functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause an uninitialized read resulting in an information disclosure. An attacker can provide a malicious file to trigger this...

5.5CVSS5.2AI score0.01496EPSS
Exploits1
Talos
Talos
added 2020/10/14 12:0 a.m.38 views

F2fs-Tools F2fs.Fsck init_node_manager Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the initnodemanager functionality of F2fs-Tools F2fs.Fsck 1.12 and 1.13. A specially crafted filesystem can be used to disclose information. An attacker can provide a malicious file to trigger this vulnerability. Tested Version...

5.5CVSS5.2AI score0.01496EPSS
Exploits1
Talos
Talos
added 2020/10/14 12:0 a.m.58 views

F2fs-Tools F2fs.Fsck Multiple Devices Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the multiple devices functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause Information overwrite resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability...

8.2CVSS7.7AI score0.02009EPSS
Exploits1
Talos
Talos
added 2020/10/14 12:0 a.m.39 views

F2fs-Tools F2fs.Fsck filesystem checking Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the getdnodeofdata functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause information disclosure resulting in a information disclosure. An attacker can provide a malicious file to trigger this...

5.5CVSS5.3AI score0.0149EPSS
Exploits1
Talos
Talos
added 2020/10/14 12:0 a.m.40 views

F2fs-Tools F2fs.Fsck fsck_chk_orphan_node Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the fsckchkorphannode functionality of F2fs-Tools F2fs.Fsck 1.13. A specially crafted f2fs filesystem can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerabilit...

8.2CVSS8.4AI score0.02121EPSS
Exploits1
Talos
Talos
added 2020/10/13 12:0 a.m.46 views

Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Data Segment Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Data Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.8CVSS7.3AI score0.03515EPSS
Exploits2
Talos
Talos
added 2020/10/13 12:0 a.m.37 views

Allen-Bradley MicroLogix 1100 programmable logic controller systems IPv4 denial-of-service vulnerability

Summary An exploitable denial-of-service vulnerability exists in the IPv4 functionality of Allen-Bradley MicroLogix 1100 Programmable Logic Controller Systems Series B FRN 16.000, Series B FRN 15.002, Series B FRN 15.000, Series B FRN 14.000, Series B FRN 13.000, Series B FRN 12.000, Series B FRN...

7.5CVSS7.5AI score0.04584EPSS
Exploits0
Talos
Talos
added 2020/10/13 12:0 a.m.50 views

Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Logical Segment Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Logical Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.8CVSS7.3AI score0.03515EPSS
Exploits2
Talos
Talos
added 2020/10/13 12:0 a.m.101 views

Allen-Bradley Flex IO 1794-AENT/B ENIP Request Path Port Segment Denial of Service Vulnerability

Summary An exploitable denial of service vulnerability exists in the ENIP Request Path Port Segment functionality of Allen-Bradley Flex IO 1794-AENT/B. A specially crafted network request can cause a loss of communications with the device resulting in denial-of-service. An attacker can send a...

7.5CVSS7.4AI score0.03454EPSS
Exploits1
Talos
Talos
added 2020/10/13 12:0 a.m.31 views

AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability

Talos Vulnerability Report TALOS-2020-1102 AMD ATIKMDAG.SYS D3DKMTEscape handler Denial of Service Vulnerability October 13, 2020 CVE Number CVE-2020-12933 SUMMARY A denial of service vulnerability exists in the D3DKMTEscape handler functionality of AMD ATIKMDAG.SYS 26.20.15029.27017. A specially...

5.5CVSS5.4AI score0.00342EPSS
Exploits0
Talos
Talos
added 2020/10/07 12:0 a.m.25 views

AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability

Talos Vulnerability Report TALOS-2020-1119 AMD ATIKMDAG.SYS D3DKMTCreateAllocation handler denial-of-service vulnerability October 7, 2020 CVE Number CVE-2020-12911 SUMMARY A denial-of-service vulnerability exists in the D3DKMTCreateAllocation handler functionality of AMD ATIKMDAG.SYS...

5.5CVSS5.4AI score0.00338EPSS
Exploits0
Talos
Talos
added 2020/09/30 12:0 a.m.95 views

NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV code execution vulnerability

Summary An exploitable code execution vulnerability exists in the nvwg MOV functionality of the NVIDIA D3D10 driver, version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V RemoteFX...

7.8CVSS8AI score0.00359EPSS
Exploits0
Talos
Talos
added 2020/09/30 12:0 a.m.89 views

Apple Safari/Webkit aboutBlankURL() code execution vulnerability

Talos Vulnerability Report TALOS-2020-1124 Apple Safari/Webkit aboutBlankURL code execution vulnerability September 30, 2020 CVE Number CVE-2020-9951 SUMMARY An exploitable use-after-free vulnerability exists in MacOSX Safari Version 13.0.2 15609.2.9.1.2, 610+ Webkit GIT...

8.8CVSS8.7AI score0.02236EPSS
Exploits0
Talos
Talos
added 2020/09/30 12:0 a.m.133 views

NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MUL code execution vulnerability

Summary An exploitable code execution vulnerability exists in the nvwg MUL functionality of NVIDIA D3D10 Driver Version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V RemoteFX. Test...

7.8CVSS8AI score0.00359EPSS
Exploits0
Talos
Talos
added 2020/09/30 12:0 a.m.47 views

NVIDIA D3D10 driver nvwgf2umx_cfg.dll nvwg MOV_SAT code execution vulnerability

Summary An exploitable code execution vulnerability exists in the nvwg MOVSAT functionality of the NVIDIA D3D10 driver, version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V...

7.8CVSS8AI score0.00359EPSS
Exploits0
Talos
Talos
added 2020/09/30 12:0 a.m.72 views

NVIDIA D3D10 Driver nvwgf2umx_cfg.dll nvwg DCL_CONSTANT_BUFFER code execution vulnerability

Summary An exploitable code execution vulnerability exists in the nvwg DCLCONSTANTBUFFER functionality of NVIDIA D3D10 Driver Version 442.50 - 26.21.14.4250. A specially crafted shader can cause remote code execution. An attacker can use this vulnerability to guest-to-host escape through Hyper-V...

7.8CVSS8AI score0.00359EPSS
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.61 views

Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability

Talos Vulnerability Report TALOS-2020-1097 Aveva eDNA Enterprise Data Historian FavoritesService.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-6153 Summary An exploitable SQL injection vulnerability exists in the FavoritesService.asmx Web Service functionality of eDNA...

7.5AI score
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.62 views

Aveva eDNA Enterprise data historian DNAPoints.asmx SQL injection vulnerability

Talos Vulnerability Report TALOS-2020-1107 Aveva eDNA Enterprise data historian DNAPoints.asmx SQL injection vulnerability September 23, 2020 CVE Number CVE-2020-13502 Summary An exploitable SQL injection vulnerability exists in the DNAPoints.asmx web Service functionality of eDNA Enterprise Data...

7.5AI score
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.92 views

Microsoft Azure Sphere Littlefs Quota denial of service vulnerability

Talos Vulnerability Report TALOS-2020-1129 Microsoft Azure Sphere Littlefs Quota denial of service vulnerability September 23, 2020 CVE Number CVE-2020-16986 SUMMARY A denial of service vulnerability exists in the Littlefs Quota functionality of Microsoft Azure Sphere 20.06. A specially crafted s...

6.2CVSS6.7AI score0.01249EPSS
Exploits1
Talos
Talos
added 2020/09/23 12:0 a.m.78 views

Microsoft Azure Sphere Pluton SIGN_WITH_TENANT_ATTESTATION_KEY memory corruption vulnerability

Talos Vulnerability Report TALOS-2020-1139 Microsoft Azure Sphere Pluton SIGNWITHTENANTATTESTATIONKEY memory corruption vulnerability September 23, 2020 CVE Number None SUMMARY A memory corruption vulnerability exists in the Pluton SIGNWITHTENANTATTESTATIONKEY functionality of Microsoft Azure...

8AI score
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.78 views

Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability

Talos Vulnerability Report TALOS-2020-1130 Microsoft Azure Sphere Littlefs truncate information disclosure vulnerability September 23, 2020 CVE Number None SUMMARY An information disclosure vulnerability exists in the Littlefs filesystem functionality of Microsoft Azure Sphere 20.06. A specially...

7.1AI score
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.83 views

Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities

Talos Vulnerability Report TALOS-2020-1106 Aveva eDNA Enterprise data historian CHaD.asmx multiple SQL injection vulnerabilities September 23, 2020 CVE Number CVE-2020-13501,CVE-2020-13499,CVE-2020-13500 SUMMARY Multiple SQL injection vulnerabilities exists in the CHaD.asmx web service...

9.8CVSS10AI score0.02912EPSS
Exploits3
Talos
Talos
added 2020/09/23 12:0 a.m.55 views

Microsoft Azure Sphere Normal World application PACKET_MMAP unsigned code execution vulnerability

Talos Vulnerability Report TALOS-2020-1134 Microsoft Azure Sphere Normal World application PACKETMMAP unsigned code execution vulnerability September 23, 2020 CVE Number None SUMMARY A code execution vulnerability exists in the normal world’s signed code execution functionality of Microsoft Azure...

7.7AI score
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.126 views

Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability

Talos Vulnerability Report TALOS-2020-1109 Aveva eDNA Enterprise Data Historian Alias.asmx SQL injection Vulnerability September 23, 2020 CVE Number CVE-2020-13507, CVE-2020-13508 Summary Multiple SQL injection vulnerabilities exist in the Alias.asmx Web Service functionality of eDNA Enterprise...

7.5AI score
Exploits0
Talos
Talos
added 2020/09/23 12:0 a.m.116 views

Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities

Talos Vulnerability Report TALOS-2020-1108 Aveva eDNA Enterprise Data Historian ednareporting.asmx Multiple SQL injection Vulnerabilities September 23, 2020 CVE Number CVE-2020-13503, CVE-2020-13504, CVE-2020-13505, CVE-2020-13521 Summary Multiple SQL injection vulnerabilities exists in the...

10AI score0.01183EPSS
Exploits2
Talos
Talos
added 2020/09/15 12:0 a.m.50 views

Nitro Pro PDF ICCBased ColorSpace Stroke Color Code Execution Vulnerability

Talos Vulnerability Report TALOS-2020-1084 Nitro Pro PDF ICCBased ColorSpace Stroke Color Code Execution Vulnerability September 15, 2020 CVE Number CVE-2020-6146 SUMMARY An exploitable code execution vulnerability exists in the rendering functionality of Nitro Pro 13.13.2.242 and 13.16.2.300. Wh...

8.8CVSS8.9AI score0.78475EPSS
Exploits1
Talos
Talos
added 2020/09/15 12:0 a.m.67 views

Nitro Pro XRefTable Entry Missing Object Code Execution Vulnerability

Talos Vulnerability Report TALOS-2020-1068 Nitro Pro XRefTable Entry Missing Object Code Execution Vulnerability September 15, 2020 CVE Number CVE-2020-6115 SUMMARY An exploitable vulnerability exists in the cross-reference table repairing functionality of Nitro Software, Inc.’s Nitro Pro...

8.8CVSS7.9AI score0.02731EPSS
Exploits1
Talos
Talos
added 2020/09/15 12:0 a.m.55 views

Nitro Pro Indexed ColorSpace Rendering Code Execution Vulnerability

Summary An arbitrary code execution vulnerability exists in the rendering functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242. When drawing the contents of a page using colors from an indexed colorspace, the application can miscalculate the size of a buffer when allocating space for its...

8.8CVSS8.3AI score0.28424EPSS
Exploits1
Talos
Talos
added 2020/09/15 12:0 a.m.53 views

Nitro Pro PDF JPEG2000 Stripe Sub-sample Decoding Out-of-bounds Write Code Execution Vulnerability

Summary An exploitable code execution vulnerability exists in the JPEG2000 Stripe Decoding functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when decoding sub-samples. While initializing tiles with sub-sample data, the application can miscalculate a pointer for the stripes in the tile...

8.8CVSS8AI score0.17093EPSS
Exploits1
Talos
Talos
added 2020/09/15 12:0 a.m.61 views

Nitro Pro PDF Object Stream Parsing Number of Objects Remote Code Execution Vulnerability

Summary An exploitable vulnerability exists in the object stream parsing functionality of Nitro Software, Inc.’s Nitro Pro 13.13.2.242 when updating its cross-reference table. When processing an object stream from a PDF document, the application will perform a calculation in order to allocate...

8.8CVSS8.3AI score0.6862EPSS
Exploits1
Talos
Talos
added 2020/09/14 12:0 a.m.55 views

Google Chrome PDFium Javascript Active Document Memory Corruption Vulnerability

Summary A memory corruption vulnerability exists in the way Google Chrome 83.0.4103.61 executes JavaScript inside PDF documents. A specially crafted web page can cause out of bounds memory access. To trigger this vulnerability, the victim must visit a malicious webpage or open a malicious PDF...

8.8CVSS9.1AI score0.02965EPSS
Exploits0
Talos
Talos
added 2020/09/08 12:0 a.m.189 views

Microsoft Windows 10 CLFS.sys ValidateRegionBlocks privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the CLFS.sys ValidateRegionBlocks functionality of Microsoft Windows 10 CLFS.SYS 10.0.19041.264 WinBuild.160101.0800 and Insider Preview CLFS.SYS 10.0.20150.1000 WinBuild.160101.0800. A specially crafted malformed log file can cause a heap...

7.8CVSS8.2AI score0.01093EPSS
Exploits0
Talos
Talos
added 2020/09/01 12:0 a.m.32 views

Accusoft ImageGear TIFF handle_COMPRESSION_PACKBITS memory corruption vulnerability

Talos Vulnerability Report TALOS-2020-1095 Accusoft ImageGear TIFF handleCOMPRESSIONPACKBITS memory corruption vulnerability September 1, 2020 CVE Number CVE-2020-6151 SUMMARY A memory corruption vulnerability exists in the TIFF handleCOMPRESSIONPACKBITS functionality of Accusoft ImageGear 19.7. ...

9.8CVSS9.1AI score0.01623EPSS
Exploits0
Talos
Talos
added 2020/09/01 12:0 a.m.30 views

Accusoft ImageGear DICOM parse_dicom_meta_info code execution vulnerability

Talos Vulnerability Report TALOS-2020-1096 Accusoft ImageGear DICOM parsedicommetainfo code execution vulnerability September 1, 2020 CVE Number CVE-2020-6152 SUMMARY A code execution vulnerability exists in the DICOM parsedicommetainfo functionality of Accusoft ImageGear 19.7. A specially crafte...

9.8CVSS7.9AI score0.01943EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.79 views

OS4Ed openSIS DownloadWindow.php SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the DownloadWindow.php functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3...

8.8CVSS7.8AI score0.01803EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.91 views

OS4Ed openSIS id parameter multiple SQL injection vulnerabilities

Summary Multiple exploitable SQL injection vulnerabilities exist in the ID parameters of OS4Ed openSIS 7.3 pages. A specially crafted HTTP request can lead to SQL injection. An attacker can make an authenticated HTTP request to trigger these vulnerabilities. Tested Versions OS4Ed openSIS 7.3...

8.8CVSS8.1AI score0.01403EPSS
Exploits3
Talos
Talos
added 2020/08/31 12:0 a.m.94 views

OS4Ed openSIS login SQL injection vulnerability

Summary An exploitable SQL injection vulnerability exists in the login functionality of OS4Ed openSIS 7.3. A specially crafted HTTP request can lead to SQL injection. An attacker can send an HTTP request to trigger this vulnerability. Tested Versions OS4Ed openSIS 7.3 Product URLs...

9.8CVSS9.9AI score0.03938EPSS
Exploits1
Talos
Talos
added 2020/08/31 12:0 a.m.111 views

OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability

Talos Vulnerability Report TALOS-2020-1072 OS4Ed openSIS CheckDuplicateStudent.php page SQL injection vulnerability August 31, 2020 CVE Number CVE-2020-6117,CVE-2020-6119,CVE-2020-6121,CVE-2020-6118,CVE-2020-6120,CVE-2020-6122 SUMMARY Multiple exploitable SQL injection vulnerabilities exist in th...

8.8CVSS8.1AI score0.01403EPSS
Exploits6
Total number of security vulnerabilities2224