Vulmon
esri arcgis vulnerabilities and exploits
NA
CVE-2022-38195
There is a reflected cross site scripting issue in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote unauthorized attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s brows...
Esri Arcgis Server
NA
CVE-2022-38196
Esri ArcGIS Server versions 10.9.1 and prior have a path traversal vulnerability that may result in a denial of service by allowing a remote, authenticated malicious user to overwrite internal ArcGIS Server directory.
Esri Arcgis Server
NA
CVE-2022-38197
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated malicious user to phish a user into accessing an attacker controlled website via a crafted query parameter.
Esri Arcgis Server
NA
CVE-2022-38198
There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated malicious user to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code i...
Esri Arcgis Server
NA
CVE-2022-38201
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an attacker controlled domain.
Esri Arcgis Quickcapture
NA
CVE-2022-38202
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker to traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclo...
Esri Arcgis Server
3.5
CVSSv2
CVE-2013-5222
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
Esri Arcgis 10.1
6.5
CVSSv2
CVE-2012-4949
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
Esri Arcgis 10.1
1 EDB exploit
3.5
CVSSv2
CVE-2021-3012
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise prior to 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
Esri Arcgis Enterprise
6
CVSSv2
CVE-2021-29093
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and previous versions) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
Esri Arcgis Server