Vulmon
sage sage vulnerabilities and exploits
NA
CVE-2022-41399
The optional Web Screens feature for Sage 300 through version 2022 uses a hard-coded 40-byte Blowfish key ("PASS_KEY") to encrypt and decrypt the database connection string for the PORTAL database found in the "dbconfig.xml". This issue could allow malicious u...
Sage Sage 300
NA
CVE-2022-41400
Sage 300 through 2022 uses a hard-coded 40-byte Blowfish key to encrypt and decrypt user passwords and SQL connection strings stored in ISAM database files in the shared data directory. This issue could allow malicious users to decrypt user passwords and SQL connection strings.
Sage Sage 300
NA
CVE-2019-25053
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated malicious users to access files outside of the web tree via a crafted URL.
Sage Sage Frp 1000
NA
CVE-2023-2809
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote malicious user to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote exec...
Sage Sage 200 Spain 2023.38.001
NA
CVE-2022-34322
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow a malicious user to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify...
Sage Sage Enterprise Intelligence 2021 R1.1
NA
CVE-2022-34324
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated malicious user to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
Sage Sage Xrt Business Exchange 12.4.302
NA
CVE-2022-34323
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow a malicious user to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Fil...
Sage Sage Xrt Business Exchange 12.4.302
9.3
CVSSv2
CVE-2009-4102
The Sage extension for Firefox, 1.4.3 and previous versions, performs certain operations with chrome privileges, which allows remote malicious users to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Sage.mozdev Sage 1.3.8
Sage.mozdev Sage
Mozilla Firefox
5
CVSSv2
CVE-2020-7387
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fi...
Sage Adxadmin
1 Github repository
9
CVSSv2
CVE-2020-7389
Sage X3 System CHAINE Variable Script Command Injection. An authenticated user with developer access can pass OS commands via this variable used by the web application. Note, this developer configuration should not be deployed in production.
Sage Syracuse