Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

philipp espernberger vulnerabilities and exploits

(subscribe to this query)
5.4
CVSSv3
CVE-2022-31201
SoftGuard Web (SGW) prior to 5.1.5 allows HTML injection.
Monitoringsoft Softguard Web
6.5
CVSSv3
CVE-2022-31202
The export function in SoftGuard Web (SGW) prior to 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.
Monitoringsoft Softguard Web
7.2
CVSSv3
CVE-2022-45889
Planet eStream prior to 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).
Planetestream Planet Estream
6.1
CVSSv3
CVE-2022-45890
In Planet eStream prior to 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter).
Planetestream Planet Estream
6.5
CVSSv3
CVE-2022-45895
Planet eStream prior to 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
Planetestream Planet Estream
9.1
CVSSv3
CVE-2022-45891
Planet eStream prior to 6.72.10.07 allows malicious users to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList).
Planetestream Planet Estream
5.4
CVSSv3
CVE-2022-45892
In Planet eStream prior to 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username.
Planetestream Planet Estream
8.8
CVSSv3
CVE-2022-45893
Planet eStream prior to 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access.
Planetestream Planet Estream
6.5
CVSSv3
CVE-2022-45894
GetFile.aspx in Planet eStream prior to 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.
Planetestream Planet Estream
9.8
CVSSv3
CVE-2022-45896
Planet eStream prior to 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.
Planetestream Planet Estream
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322cross-site request forgeryunauthorizedCVE-2024-33925reflected XSSCVE-2023-51580CVE-2023-51579CVE-2015-2051CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook