it-novum openitcockpit vulnerabilities and exploits

(subscribe to this query)

6.4

CVSSv2

openITCOCKPIT prior to 3.7.3 uses the 1fea123e07f730f76e661bced33a94152378611e API key rather than generating a random API Key for WebSocket connections.

It-novum Openitcockpit

NA

Race Condition within a Thread in GitHub repository it-novum/openitcockpit before 4.6.5.

It-novum Openitcockpit

4.3

CVSSv2

openITCOCKPIT prior to 3.7.1 has reflected XSS in the 404-not-found component.

It-novum Openitcockpit

1 EDB exploit

NA

Sensitive Cookie in HTTPS Session Without 'Secure' Attribute in GitHub repository it-novum/openitcockpit before 4.6.6.

It-novum Openitcockpit

7.5

CVSSv2

openITCOCKPIT prior to 3.7.1 allows code injection, aka RVID 1-445b21.

It-novum Openitcockpit

4.3

CVSSv2

openITCOCKPIT prior to 3.7.1 has reflected XSS, aka RVID 3-445b21.

It-novum Openitcockpit

6.4

CVSSv2

openITCOCKPIT prior to 3.7.1 allows deletion of files, aka RVID 4-445b21.

It-novum Openitcockpit

6.8

CVSSv2

openITCOCKPIT prior to 3.7.1 has CSRF, aka RVID 2-445b21.

It-novum Openitcockpit

7.5

CVSSv2

openITCOCKPIT prior to 3.7.1 allows SSRF, aka RVID 5-445b21.

It-novum Openitcockpit

10

CVSSv2

openITCOCKPIT prior to 3.7.3 has a web-based terminal that allows malicious users to execute arbitrary OS commands via shell metacharacters that are mishandled on an su command line in app/Lib/SudoMessageInterface.php.

It-novum Openitcockpit

Get Started

1 2 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook