Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2022-44016
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can download arbitrary files from the web server by abusing an API call: /DS/LM_API/api/ConfigurationService/GetImages with an '"ImagesPath":"C:\\"' value.
Simmeth Lieferantenmanager
NA
CVE-2022-44017
An issue exists in Simmeth Lieferantenmanager prior to 5.6. Due to errors in session management, an attacker can log back into a victim's account after the victim logged out - /LMS/LM/#main can be used for this. This is due to the credentials not being cleaned from the local...
Simmeth Lieferantenmanager
NA
CVE-2022-45915
ILIAS prior to 7.16 allows OS Command Injection.
Ilias Ilias
NA
CVE-2022-45916
ILIAS prior to 7.16 allows XSS.
Ilias Ilias
NA
CVE-2022-45917
ILIAS prior to 7.16 has an Open Redirect.
Ilias Ilias
NA
CVE-2022-45918
ILIAS prior to 7.16 allows External Control of File Name or Path.
Ilias Ilias
NA
CVE-2022-45922
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowi...
Opentext Opentext Extended Ecm
NA
CVE-2022-45924
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
Opentext Opentext Extended Ecm
NA
CVE-2022-45925
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and se...
Opentext Opentext Extended Ecm
NA
CVE-2022-45926
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
Opentext Opentext Extended Ecm
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040
privilege escalation
CVE-2024-4112
CVE-2024-32872
man-in-the-middle
CVE-2024-32788
bypass
CVE-2024-3400
CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »