Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
erik steltzner vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2020-29550
An issue exists in URVE Build 24.03.2020. The password of an integration user account (used for the connection of the MS Office 365 Integration Service) is stored in cleartext in configuration files as well as in the database. The following files contain the password in cleartext...
Urve Urve 24.03.2020
9.1
CVSSv3
CVE-2020-29551
An issue exists in URVE Build 24.03.2020. Using the _internal/pc/shutdown.php path, it is possible to shutdown the system. Among others, the following files and scripts are also accessible: _internal/pc/abort.php, _internal/pc/restart.php, _internal/pc/vpro.php, _internal/pc/wake...
Urve Urve 24.03.2020
9.8
CVSSv3
CVE-2020-29552
An issue exists in URVE Build 24.03.2020. By using the _internal/pc/vpro.php?mac=0&ip=0&operation=0&usr=0&pass=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root.
Urve Urve 24.03.2020
7.5
CVSSv3
CVE-2019-16906
An issue exists in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. By using plugins/servlet/nfj/PushNotification?username= with a modified username, a different user's notifications can be read without authentication/authorization. These ...
Infosysta In-app \\& Desktop Notifications 1.6.13 J8
5.3
CVSSv3
CVE-2019-16907
An issue exists in the Infosysta "In-App & Desktop Notifications" app 1.6.13_J8 for Jira. It is possible to obtain a list of all valid Jira usernames without authentication/authorization via the plugins/servlet/nfj/UserFilter?searchQuery=@ URI.
Infosysta In-app \\& Desktop Notifications 1.6.13 J8
5.3
CVSSv3
CVE-2019-16908
An issue exists in the Infosysta "In-App & Desktop Notifications" app prior to 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects without authentication/authorization via the plugins/servlet/nfj/ProjectFilter?searchQuery= URI.
Infosysta In-app \\& Desktop Notifications
6.1
CVSSv3
CVE-2021-42078
PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, ...
Php Event Calendar Project Php Event Calendar 2021-11-04
4.3
CVSSv3
CVE-2019-16909
An issue exists in the Infosysta "In-App & Desktop Notifications" app prior to 1.6.14_J8 for Jira. It is possible to obtain a list of all Jira projects (with authentication as a Jira user, but without authorization for specific projects) via the plugins/servlet/nfj/...
Infosysta In-app \\& Desktop Notifications
9.8
CVSSv3
CVE-2021-42077
PHP Event Calendar prior to 2021-09-03 allows SQL injection, as demonstrated by the /server/ajax/user_manager.php username parameter. This can be used to execute SQL statements directly on the database, allowing an adversary in some cases to completely compromise the database sys...
Kaysongroup Php Event Calendar
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33572
CVE-2024-24919
CVE-2024-0230
CVE-2024-32714
HTML injection
local file inclusion
CVE-2024-31098
CVE-2024-31244
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started