Vulmon
philipp espernberger vulnerabilities and exploits
5.4
CVSSv3
CVE-2022-31201
SoftGuard Web (SGW) prior to 5.1.5 allows HTML injection.
Monitoringsoft Softguard Web
6.5
CVSSv3
CVE-2022-31202
The export function in SoftGuard Web (SGW) prior to 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.
Monitoringsoft Softguard Web
7.2
CVSSv3
CVE-2022-45889
Planet eStream prior to 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).
Planetestream Planet Estream
6.1
CVSSv3
CVE-2022-45890
In Planet eStream prior to 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter).
Planetestream Planet Estream
6.5
CVSSv3
CVE-2022-45895
Planet eStream prior to 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
Planetestream Planet Estream
9.1
CVSSv3
CVE-2022-45891
Planet eStream prior to 6.72.10.07 allows malicious users to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList).
Planetestream Planet Estream
5.4
CVSSv3
CVE-2022-45892
In Planet eStream prior to 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username.
Planetestream Planet Estream
8.8
CVSSv3
CVE-2022-45893
Planet eStream prior to 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access.
Planetestream Planet Estream
6.5
CVSSv3
CVE-2022-45894
GetFile.aspx in Planet eStream prior to 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.
Planetestream Planet Estream
9.8
CVSSv3
CVE-2022-45896
Planet eStream prior to 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.
Planetestream Planet Estream