Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
erik steltzner vulnerabilities and exploits
(subscribe to this query)
445
VMScore
CVE-2020-29550
An issue exists in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext...
Urve Urve 24.03.2020
756
VMScore
CVE-2020-29551
An issue exists in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake...
Urve Urve 24.03.2020
890
VMScore
CVE-2020-29552
An issue exists in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.
Urve Urve 24.03.2020
445
VMScore
CVE-2019-16906
An issue exists in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These ...
Infosysta In-app \\& Desktop Notifications 1.6.13 J8
445
VMScore
CVE-2019-16907
An issue exists in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.
Infosysta In-app \\& Desktop Notifications 1.6.13 J8
445
VMScore
CVE-2019-16908
An issue exists in the Infosysta "In-App & Desktop Notifications" app prior to 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI.
Infosysta In-app \\& Desktop Notifications
890
VMScore
CVE-2021-42077
PHP Event Calendar prior to 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database sys...
Kaysongroup Php Event Calendar
383
VMScore
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, ...
Php Event Calendar Project Php Event Calendar 2021-11-04
356
VMScore
CVE-2019-16909
An issue exists in the Infosysta "In-App & Desktop Notifications" app prior to 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/...
Infosysta In-app \\& Desktop Notifications
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started