Show filters
213 Total Results
Displaying 61-70 of 213
Sort by:
Attacker Value
Unknown

CVE-2024-5012

Disclosure Date: June 25, 2024 (last updated August 22, 2024)
In WhatsUp Gold versions released before 2023.1.3, there is a missing authentication vulnerability in WUGDataAccess.Credentials. This vulnerability allows unauthenticated attackers to disclose Windows Credentials stored in the product Credential Library.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-5011

Disclosure Date: June 25, 2024 (last updated September 07, 2024)
In WhatsUp Gold versions released before 2023.1.3, an uncontrolled resource consumption vulnerability exists. A specially crafted unauthenticated HTTP request to the TestController Chart functionality can lead to denial of service.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-5010

Disclosure Date: June 25, 2024 (last updated September 07, 2024)
In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality.  A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-5009

Disclosure Date: June 25, 2024 (last updated September 07, 2024)
In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password.
Attack Vector: LocalPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-5008

Disclosure Date: June 25, 2024 (last updated September 07, 2024)
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController.
Attack Vector: NetworkPrivileges: LowUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-4885

Disclosure Date: June 25, 2024 (last updated September 07, 2024)
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-4884

Disclosure Date: June 25, 2024 (last updated September 07, 2024)
In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold.  The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-4883

Disclosure Date: June 25, 2024 (last updated September 07, 2024)
In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2024-5805

Disclosure Date: June 25, 2024 (last updated August 21, 2024)
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-27636

Disclosure Date: June 16, 2024 (last updated August 09, 2024)
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
Attack Vector: NetworkPrivileges: LowUser Interaction: Required
0
0
View More Topics  < Previous  Next >