Search Results | AttackerKB

Show filters

Topics 36 Users 9,713

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

36 Total Results

Displaying 1-10 of 36

Attacker Value

Unknown

CVE-2025-23574

Disclosure Date: January 27, 2025 (last updated January 28, 2025)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jonathan Lau CubePM allows Reflected XSS. This issue affects CubePM: from n/a through 1.0.

0

Attacker Value

Unknown

CVE-2024-37376

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0

Attacker Value

Unknown

CVE-2024-34787

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

Path traversal in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a local unauthenticated attacker to achieve code execution. User interaction is required.

0

Attacker Value

Unknown

CVE-2024-34784

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0

Attacker Value

Unknown

CVE-2024-34782

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0

Attacker Value

Unknown

CVE-2024-34781

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0

Attacker Value

Unknown

CVE-2024-34780

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0

Attacker Value

Unknown

CVE-2024-32847

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0

Attacker Value

Unknown

CVE-2024-32847

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0

Attacker Value

Unknown

CVE-2024-32844

Disclosure Date: November 13, 2024 (last updated November 13, 2024)

SQL injection in Ivanti Endpoint Manager before 2024 November Security Update or 2022 SU6 November Security Update allows a remote authenticated attacker with admin privileges to achieve remote code execution.

0