aaron bishop vulnerabilities and exploits
4.3
CVSSv2
CVE-2020-11682
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing requests. A __RequestVerificationToken is set by the web interface and included in requests sent by the web interface. However, this token is not verified by the application: the token can be removed from all reque...
Castel Nextgen Dvr Firmware 1.0.0
4
CVSSv2
CVE-2020-11680
Castel NextGen DVR v1.0.0 is vulnerable to authorization bypass on all administrator functionality. The application fails to check that a request was submitted by an administrator. Consequently, a normal user can perform actions including, but not limited to, creating/modifying t...
Castel Nextgen Dvr Firmware 1.0.0
6.5
CVSSv2
CVE-2020-11679
Castel NextGen DVR v1.0.0 is vulnerable to privilege escalation through the Adminstrator/Users/Edit/:UserId functionality. Adminstrator/Users/Edit/:UserId fails to check that the request was submitted by an Administrator. This allows a normal user to escalate their privileges by ...
Castel Nextgen Dvr Firmware 1.0.0
4
CVSSv2
CVE-2020-11681
Castel NextGen DVR v1.0.0 stores and displays credentials for the associated SMTP server in cleartext. Low privileged users can exploit this to create an administrator user and obtain the SMTP credentials.
Castel Nextgen Dvr Firmware 1.0.0
4.3
CVSSv2
CVE-2020-5497
The OpenID Connect reference implementation for MITREid Connect up to and including 1.3.3 allows XSS due to userInfoJson being included in the page unsanitized. This is related to header.tag. The issue can be exploited to execute arbitrary JavaScript.
Mitreid Connect
6.5
CVSSv2
CVE-2019-17119
Multiple SQL injection vulnerabilities in Logs.jsp in WiKID 2FA Enterprise Server up to and including 4.2.0-b2053 allow authenticated users to execute arbitrary SQL commands via the source or subString parameter.
Wikidsystems Two Factor Authentication Enterprise Server
4.3
CVSSv2
CVE-2019-17120
A stored and reflected cross-site scripting (XSS) vulnerability in WiKID 2FA Enterprise Server up to and including 4.2.0-b2047 allows remote malicious users to inject arbitrary web script or HTML via /WiKIDAdmin/adm_usrs.jsp. The usr parameter is vulnerable: the reflected cross-si...
Wikidsystems 2fa Enterprise Server 3.4.85
Wikidsystems 2fa Enterprise Server 3.4.87
Wikidsystems 2fa Enterprise Server 3.5.0
Wikidsystems 2fa Enterprise Server 4.0
Wikidsystems 2fa Enterprise Server 4.0.1
Wikidsystems 2fa Enterprise Server 4.1.0
Wikidsystems 2fa Enterprise Server 4.2.0
Wikidsystems 2fa Enterprise Server 3.6.0
Wikidsystems 2fa Enterprise Server 4.0.2
Wikidsystems 2fa Enterprise Server 3.4.81
4.3
CVSSv2
CVE-2019-17115
Multiple cross-site scripting (XSS) vulnerabilities in WiKID 2FA Enterprise Server up to and including 4.2.0-b2047 allow remote malicious users to inject arbitrary web script or HTML that is triggered when Logs.jsp is visited. The rendered_message column is retrieved and displaye...
Wikidsystems Two Factor Authentication Enterprise Server
6.5
CVSSv2
CVE-2019-17117
A SQL injection vulnerability in processPref.jsp in WiKID 2FA Enterprise Server up to and including 4.2.0-b2053 allows an authenticated user to execute arbitrary SQL commands via the processPref.jsp key parameter.
Wikidsystems 2fa Enterprise Server 3.5.0
Wikidsystems 2fa Enterprise Server 3.4.85
Wikidsystems 2fa Enterprise Server 4.0
Wikidsystems 2fa Enterprise Server 4.0.1
Wikidsystems 2fa Enterprise Server 4.1.0
Wikidsystems 2fa Enterprise Server 4.2.0
Wikidsystems 2fa Enterprise Server 4.0.2
Wikidsystems 2fa Enterprise Server 3.4.87
Wikidsystems 2fa Enterprise Server 3.6.0
Wikidsystems 2fa Enterprise Server 3.4.81
6.8
CVSSv2
CVE-2019-17118
A CSRF issue in WiKID 2FA Enterprise Server up to and including 4.2.0-b2053 allows a remote malicious user to trick an authenticated user into performing unintended actions such as (1) create or delete admin users; (2) create or delete groups; or (3) create, delete, enable, or di...
Wikidsystems 2fa Enterprise Server 3.4.87
Wikidsystems 2fa Enterprise Server 3.5.0
Wikidsystems 2fa Enterprise Server 3.6.0
Wikidsystems 2fa Enterprise Server 4.0.1
Wikidsystems 2fa Enterprise Server 4.0.2
Wikidsystems 2fa Enterprise Server 4.2.0
Wikidsystems 2fa Enterprise Server 3.4.81
Wikidsystems 2fa Enterprise Server 3.4.85
Wikidsystems 2fa Enterprise Server 4.1.0
Wikidsystems 2fa Enterprise Server 4.0