| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| In the PrepareCDExportJSON.pl service, the "getPerfServiceIds" function is vulnerable to SQL injection. |
| In the PatientService.pl service, the "getPatientIdentifier" function is vulnerable to SQL injection through the "pesel" parameter. |
| The paths "/cgi-bin/CliniNET.prd/utils/userlogstat.pl", "/cgi-bin/CliniNET.prd/utils/usrlogstat.pl", and "/cgi-bin/CliniNET.prd/utils/dblogstat.pl" expose data containing session IDs. |
| The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the "/cgi-bin/CliniNET.prd/utils/userlogxls.pl" endpoint. |
| Unauthenticated access to the "/cgi-bin/CliniNET.prd/GetActiveSessions.pl" endpoint allows takeover of any user session logged into the system, including users with admin privileges. |
| The system exposes several endpoints, typically including "/int/" in their path, that should be restricted to internal services, but are instead publicly accessible without authentication to any host able to reach the application server on port 443/tcp. |
| Stored XSS vulnerability exists in the "Oddział" (Ward) module, in the death diagnosis description field, and allows the execution of arbitrary JavaScript code. This can lead to session hijacking of other users and potentially to privilege escalation up to full administrative rights. |
| In the Print.pl service, the "uhcPrintServerPrint" function allows execution of arbitrary code via the "CopyCounter" parameter. |
| A vulnerability in the Virtual Keyboard Video Monitor (vKVM) connection handling of Cisco Integrated Management Controller (IMC) could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious code into a specific data field in the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must have valid user credentials with privileges that allow for vKVM access on the affected device.
Note: The affected vKVM client is also included in Cisco UCS Manager. |
| A vulnerability in the web-based management interface of Cisco UCS Manager Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface.
This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected system. An attacker could exploit this vulnerability by injecting malicious data into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit this vulnerability, the attacker must be a member of the Administrator or AAA Administrator role. |
| A vulnerability in the Protocol Independent Multicast Version 6 (PIM6) feature of Cisco Nexus 3000 Series Switches and Cisco Nexus 9000 Series Switches in standalone NX-OS mode could allow an authenticated, low-privileged, remote attacker to trigger a crash of the PIM6 process, resulting in a denial of service (DoS) condition.
This vulnerability is due to improper processing of PIM6 ephemeral data queries. An attacker could exploit this vulnerability by sending a crafted ephemeral query to an affected device through one of the following methods: NX-API REST, NETCONF, RESTConf, gRPC, or Model Driven Telemetry. A successful exploit could allow the attacker to cause the PIM6 process to crash and restart, causing potential adjacency flaps and resulting in a DoS of the PIM6 and ephemeral query processes. |
| A command injection vulnerability in Dahua EIMS versions prior to 2240008 allows unauthenticated remote attackers to execute arbitrary system commands via the capture_handle.action interface. The flaw stems from improper input validation in the captureCommand parameter, which is processed without sanitization or authentication. By sending crafted HTTP requests, attackers can inject OS-level commands that are executed on the server, leading to full system compromise. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-04-06 UTC. |
| QiAnXin TianQing Management Center versions up to and including 6.7.0.4130 contain a path traversal vulnerability in the rptsvr component that allows unauthenticated attackers to upload files to arbitrary locations on the server. The /rptsvr/upload endpoint fails to sanitize the filename parameter in multipart form-data requests, enabling path traversal. This allows attackers to place executable files in web-accessible directories, potentially leading to remote code execution. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC. |
| LiveBOS, an object-oriented business architecture middleware suite developed by Apex Software Co., Ltd., contains an arbitrary file upload vulnerability in its UploadFile.do;.js.jsp endpoint. This flaw affects the LiveBOS Server component and allows unauthenticated remote attackers to upload crafted files outside the intended directory structure via path traversal in the filename parameter. Successful exploitation may lead to remote code execution on the server, enabling full system compromise. The vulnerability is presumed to affect builds released prior to August 2024 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-08-23 UTC. |
| Missing Authorization vulnerability in inkthemes WP Mailgun SMTP allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WP Mailgun SMTP: from n/a through 1.0.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Finn Dohrn Statify Widget allows Stored XSS. This issue affects Statify Widget: from n/a through 1.4.6. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mibuthu Link View allows Stored XSS. This issue affects Link View: from n/a through 0.8.0. |
| A path traversal vulnerability exists in the Dahua Smart Park Integrated Management Platform (also referred to as the Dahua Smart Campus Integrated Management Platform), affecting the SOAP-based GIS bitmap upload interface. The flaw allows unauthenticated remote attackers to upload arbitrary files to the server via crafted SOAP requests, including executable JSP payloads. Successful exploitation may lead to remote code execution (RCE) and full compromise of the affected system. The vulnerability is presumed to affect builds released prior to September 2023 and is said to be remediated in newer versions of the product, though the exact affected range remains undefined. Exploitation evidence was first observed by the Shadowserver Foundation on 2024-02-15 UTC. |
| SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier) allows a remote unauthenticated attacker to upload arbitrary files and execute OS commands with SYSTEM privileges. |
| The File Manager, Code Editor, and Backup by Managefy plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.8 via the ajax_downloadfile() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. |
