Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv3
CVE-2022-44014
An issue exists in Simmeth Lieferantenmanager prior to 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.
Simmeth Lieferantenmanager
8.8
CVSSv3
CVE-2022-45915
ILIAS prior to 7.16 allows OS Command Injection.
Ilias Ilias
6.5
CVSSv3
CVE-2022-45918
ILIAS prior to 7.16 allows External Control of File Name or Path.
Ilias Ilias
8.8
CVSSv3
CVE-2022-45922
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowi...
Opentext Opentext Extended Ecm
7.5
CVSSv3
CVE-2022-45925
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and se...
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2022-45926
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2022-45928
A remote OScript execution issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and execute...
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2019-11591
The WebDorado Contact Form plugin prior to 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET...
Web-dorado Contact Form
7.5
CVSSv3
CVE-2020-14864
Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware (component: Installation). Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with...
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Business Intelligence 5.5.0.0.0
5.4
CVSSv3
CVE-2022-45916
ILIAS prior to 7.16 allows XSS.
Ilias Ilias
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »