Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2022-45922
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowi...
Opentext Opentext Extended Ecm
8.1
CVSSv3
CVE-2022-45924
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2022-45926
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
Opentext Opentext Extended Ecm
5.4
CVSSv3
CVE-2022-45916
ILIAS prior to 7.16 allows XSS.
Ilias Ilias
6.1
CVSSv3
CVE-2022-45917
ILIAS prior to 7.16 has an Open Redirect.
Ilias Ilias
9.1
CVSSv3
CVE-2022-44013
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.
Simmeth Lieferantenmanager
5.4
CVSSv3
CVE-2022-44012
An issue exists in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager prior to 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and m...
Simmeth Lieferantenmanager
6.5
CVSSv3
CVE-2022-44014
An issue exists in Simmeth Lieferantenmanager prior to 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.
Simmeth Lieferantenmanager
9.8
CVSSv3
CVE-2022-44015
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can inject raw SQL queries. By activating MSSQL features, the attacker is able to execute arbitrary commands on the MSSQL server via the xp_cmdshell extended procedure.
Simmeth Lieferantenmanager
7.5
CVSSv3
CVE-2022-44016
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value.
Simmeth Lieferantenmanager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »