Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sahipro sahi pro 8.0.0 vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2019-13597
_s_/sprm/_s_/dyn/Player_setScriptFile in Sahi Pro 8.0.0 allows command execution. It allows one to run ".sah" scripts via Sahi Launcher. Also, one can create a new script with an editor. It is possible to execute commands on the server using the _execute() function.
Sahipro Sahi Pro 8.0.0
446
VMScore
CVE-2019-13063
Within Sahi Pro 8.0.0, an attacker can send a specially crafted URL to include any victim files on the system via the script parameter on the Script_view page. This will result in file disclosure (i.e., being able to pull any file from the remote victim application). This can be ...
Sahipro Sahi Pro 8.0.0
383
VMScore
CVE-2019-13066
Sahi Pro 8.0.0 has a script manager arena located at _s_/dyn/pro/DBReports with many different areas that are vulnerable to reflected XSS, by updating a script's Script Name, Suite Name, Base URL, Android, iOS, Scripts Run, Origin Machine, or Comment field. The sql parameter...
Sahipro Sahi Pro 8.0.0
355
VMScore
CVE-2018-20472
An issue exists in Tyto Sahi Pro up to and including 7.x.x and 8.0.0. The logs web interface is vulnerable to stored XSS.
Sahipro Sahi Pro
1 EDB exploit
605
VMScore
CVE-2018-20468
An issue exists in Tyto Sahi Pro up to and including 7.x.x and 8.0.0. A web reports module has "export to excel features" that are vulnerable to CSV injection. An attacker can embed Excel formulas inside an automation script that, when exported after execution, results ...
Sahipro Sahi Pro
505
VMScore
CVE-2018-20470
An issue exists in Tyto Sahi Pro up to and including 7.x.x and 8.0.0. A directory traversal (arbitrary file access) vulnerability exists in the web reports module. This allows an outside malicious user to view contents of sensitive files.
Sahipro Sahi Pro
1 EDB exploit
755
VMScore
CVE-2018-20469
An issue exists in Tyto Sahi Pro up to and including 7.x.x and 8.0.0. A parameter in the web reports module is vulnerable to h2 SQL injection. This can be exploited to inject SQL queries and run standard h2 system functions.
Sahipro Sahi Pro
1 EDB exploit
668
VMScore
CVE-2019-15102
An issue exists in Tyto Sahi Pro 6.x up to and including 8.0.0. TestRunner_Non_distributed (and distributed end points) does not have any authentication mechanism. This allow an malicious user to execute an arbitrary script on the remote Sahi Pro server. There is also a password-...
Sahipro Sahi Pro
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started