Vulmon
philipp espernberger vulnerabilities and exploits
NA
CVE-2022-31202
The export function in SoftGuard Web (SGW) prior to 5.1.5 allows directory traversal to read an arbitrary local file via export or man.tcl.
Monitoringsoft Softguard Web
NA
CVE-2022-31201
SoftGuard Web (SGW) prior to 5.1.5 allows HTML injection.
Monitoringsoft Softguard Web
NA
CVE-2022-45889
Planet eStream prior to 6.72.10.07 allows a remote attacker (who is a publisher or admin) to obtain access to all records stored in the database, and achieve the ability to execute arbitrary SQL commands, via Search (the StatisticsResults.aspx flt parameter).
Planetestream Planet Estream
NA
CVE-2022-45890
In Planet eStream prior to 6.72.10.07, a Reflected Cross-Site Scripting (XSS) vulnerability exists via any metadata filter field (e.g., search within Default.aspx with the r or fo parameter).
Planetestream Planet Estream
NA
CVE-2022-45891
Planet eStream prior to 6.72.10.07 allows malicious users to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList).
Planetestream Planet Estream
NA
CVE-2022-45892
In Planet eStream prior to 6.72.10.07, multiple Stored Cross-Site Scripting (XSS) vulnerabilities exist: Disclaimer, Search Function, Comments, Batch editing tool, Content Creation, Related Media, Create new user, and Change Username.
Planetestream Planet Estream
NA
CVE-2022-45893
Planet eStream prior to 6.72.10.07 allows a low-privileged user to gain access to administrative and high-privileged user accounts by changing the value of the ON cookie. A brute-force attack can calculate a value that provides permanent access.
Planetestream Planet Estream
NA
CVE-2022-45894
GetFile.aspx in Planet eStream prior to 6.72.10.07 allows ..\ directory traversal to read arbitrary local files.
Planetestream Planet Estream
NA
CVE-2022-45895
Planet eStream prior to 6.72.10.07 discloses sensitive information, related to the ON cookie (findable in HTML source code for Default.aspx in some situations) and the WhoAmI endpoint (e.g., path disclosure).
Planetestream Planet Estream
NA
CVE-2022-45896
Planet eStream prior to 6.72.10.07 allows unauthenticated upload of arbitrary files: Choose a Video / Related Media or Upload Document. Upload2.ashx can be used, or Ajax.asmx/ProcessUpload2. This leads to remote code execution.
Planetestream Planet Estream