Lucene search

K

5 matches found

CVE
CVE
added 2019/06/17 2:15 p.m.75 views

CVE-2018-20470

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside attacker to view contents of sensitive files.

7.5CVSS7.3AI score0.88207EPSS
CVE
CVE
added 2019/06/17 2:15 p.m.68 views

CVE-2018-20472

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.

5.4CVSS5.5AI score0.00306EPSS
CVE
CVE
added 2019/06/17 2:15 p.m.60 views

CVE-2018-20469

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.

9.8CVSS9.7AI score0.11603EPSS
CVE
CVE
added 2019/06/17 2:15 p.m.42 views

CVE-2018-20468

An issue was discovered in Tyto Sahi Pro through 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results in code execution.

8.8CVSS8.9AI score0.00376EPSS
CVE
CVE
added 2019/09/06 5:15 p.m.38 views

CVE-2019-15102

An issue was discovered in Tyto Sahi Pro 6.x through 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an attacker to execute an arbitrary script on the remote Sahi Pro server. There is also a password-protected web interface inten...

9.8CVSS9.9AI score0.0454EPSS