Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
sage sage vulnerabilities and exploits
(subscribe to this query)
7.8
CVSSv3
CVE-2021-45492
In Sage 300 ERP (formerly accpac) up to and including 6.8.x, the installer configures the C:\Sage\Sage300\Runtime directory to be the first entry in the system-wide PATH environment variable. However, this directory is writable by unprivileged users because the Sage installer fai...
Sage Sage 300
NA
CVE-2006-6919
Firefox Sage extension 1.3.8 and previous versions allows remote malicious users to execute arbitrary Javascript in the local context via an RSS feed with an img tag containing the script followed by an extra trailing ">", which Sage modifies to close the img element...
Sage-mozdev Sage
1 EDB exploit
7.5
CVSSv3
CVE-2019-25053
A path traversal vulnerability exists in Sage FRP 1000 before November 2019. This allows remote unauthenticated malicious users to access files outside of the web tree via a crafted URL.
Sage Sage Frp 1000
9.8
CVSSv3
CVE-2023-2809
Plaintext credential usage vulnerability in Sage 200 Spain 2023.38.001 version, the exploitation of which could allow a remote malicious user to extract SQL database credentials from the DLL application. This vulnerability could be linked to known techniques to obtain remote exec...
Sage Sage 200 Spain 2023.38.001
9
CVSSv3
CVE-2022-34322
Multiple XSS issues were discovered in Sage Enterprise Intelligence 2021 R1.1 that allow an malicious user to execute JavaScript code in the context of users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Notify...
Sage Sage Enterprise Intelligence 2021 R1.1
5.4
CVSSv3
CVE-2022-34323
Multiple XSS issues were discovered in Sage XRT Business Exchange 12.4.302 that allow an malicious user to execute JavaScript code in the context of other users' browsers. The attacker needs to be authenticated to reach the vulnerable features. An issue is present in the Fil...
Sage Sage Xrt Business Exchange 12.4.302
8.8
CVSSv3
CVE-2022-34324
Multiple SQL injections in Sage XRT Business Exchange 12.4.302 allow an authenticated malicious user to inject malicious data in SQL queries: Add Currencies, Payment Order, and Transfer History.
Sage Sage Xrt Business Exchange 12.4.302
NA
CVE-2009-4102
Sage 1.4.3 and previous versions extension for Firefox performs certain operations with chrome privileges, which allows remote malicious users to execute arbitrary commands and perform cross-domain scripting attacks via the description tag of an RSS feed.
Sage.mozdev Sage 1.3.8
Sage.mozdev Sage
Mozilla Firefox
9.8
CVSSv3
CVE-2020-7388
Sage X3 Unauthenticated Remote Command Execution (RCE) as SYSTEM in AdxDSrv.exe component. By editing the client side authentication request, an attacker can bypass credential validation. While exploiting this does require knowledge of the installation path, that information can ...
Sage Adxadmin
1 Github repository
1 Article
5.3
CVSSv3
CVE-2020-7387
Sage X3 Installation Pathname Disclosure. A specially crafted packet can elicit a response from the AdxDSrv.exe component that reveals the installation directory of the product. Note that this vulnerability can be combined with CVE-2020-7388 to achieve full RCE. This issue was fi...
Sage Adxadmin
1 Github repository
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »