Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
lfi vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2022-45917
ILIAS prior to 7.16 has an Open Redirect.
Ilias Ilias
8.8
CVSSv3
CVE-2022-45922
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The request handler for ll.KeepAliveSession sets a valid AdminPwd cookie even when the Web Admin password was not entered. This allows access to endpoints, which require a valid AdminPwd cookie, without knowi...
Opentext Opentext Extended Ecm
8.1
CVSSv3
CVE-2022-45924
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint itemtemplate.createtemplate2 allows a low-privilege user to delete arbitrary files on the server's local filesystem.
Opentext Opentext Extended Ecm
7.5
CVSSv3
CVE-2022-45925
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The action xmlexport accepts the parameter requestContext. If this parameter is present, the response includes most of the HTTP headers sent to the server and some of the CGI variables like remote_adde and se...
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2022-45926
An issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). The endpoint notify.localizeEmailTemplate allows a low-privilege user to evaluate webreports.
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2022-45928
A remote OScript execution issue exists in OpenText Content Suite Platform 22.1 (16.2.19.1803). Multiple endpoints allow the user to pass the parameter htmlFile, which is included in the HTML output rendering pipeline of a request. Because the Content Server evaluates and execute...
Opentext Opentext Extended Ecm
8.8
CVSSv3
CVE-2019-11590
The 10Web Form Maker plugin prior to 1.13.5 for WordPress allows CSRF via the wp-admin/admin-ajax.php action parameter, with resultant local file inclusion via directory traversal, because there can be a discrepancy between the $_POST['action'] value and the $_GET['...
10web Form Maker
5.4
CVSSv3
CVE-2022-44012
An issue exists in /DS/LM_API/api/SelectionService/InsertQueryWithActiveRelationsReturnId in Simmeth Lieferantenmanager prior to 5.6. An attacker can execute JavaScript code in the browser of the victim if a site is loaded. The victim's encrypted password can be stolen and m...
Simmeth Lieferantenmanager
9.1
CVSSv3
CVE-2022-44013
An issue exists in Simmeth Lieferantenmanager prior to 5.6. An attacker can make various API calls without authentication because the password in a Credential Object is not checked.
Simmeth Lieferantenmanager
6.5
CVSSv3
CVE-2022-44014
An issue exists in Simmeth Lieferantenmanager prior to 5.6. In the design of the API, a user is inherently able to fetch arbitrary SQL tables. This leaks all user passwords and MSSQL hashes via /DS/LM_API/api/SelectionService/GetPaggedTab.
Simmeth Lieferantenmanager
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-28254
CVE-2024-32515
CVE-2024-21338
validation
CVE-2024-32522
dos
CVE-2024-2101
CVE-2024-21107
elevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »