Show filters
22 Total Results
Displaying 1-10 of 22
Sort by:
Attacker Value
Unknown

CVE-2024-12564

Disclosure Date: December 12, 2024 (last updated December 21, 2024)
Exposure of Sensitive Information to an Unauthorized Actor vulnerability was discovered in Open Design Alliance CDE inWEB SDK before 2025.3. Installing CDE Server with default settings allows unauthorized users to visit prometheus metrics page. This can allow attackers to understand more things about the target application which may help in further investigation and exploitation.
0
0
Attacker Value
Unknown

CVE-2024-2465

Disclosure Date: March 21, 2024 (last updated November 01, 2024)
Open redirection vulnerability in CDeX application allows to redirect users to arbitrary websites via a specially crafted URL.This issue affects CDeX application versions through 5.7.1.
0
0
Attacker Value
Unknown

CVE-2024-2464

Disclosure Date: March 21, 2024 (last updated October 31, 2024)
This issue occurs during password recovery, where a difference in messages could allow an attacker to determine if the user is valid or not, enabling a brute force attack with valid users.This issue affects CDeX application versions through 5.7.1.
0
0
Attacker Value
Unknown

CVE-2024-2463

Disclosure Date: March 21, 2024 (last updated August 02, 2024)
Weak password recovery mechanism in CDeX application allows to retrieve password reset token.This issue affects CDeX application versions through 5.7.1.
0
0
Attacker Value
Unknown

CVE-2023-39914

Disclosure Date: September 13, 2023 (last updated September 11, 2024)
NLnet Labs' bcder library up to and including version 0.7.2 panics while decoding certain invalid input data rather than rejecting the data with an error. This can affect both the actual decoding stage as well as accessing content of types that utilized delayed decoding.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-30191

Disclosure Date: May 17, 2023 (last updated October 08, 2023)
PrestaShop cdesigner < 3.1.9 is vulnerable to SQL Injection via CdesignerTraitementModuleFrontController::initContent().
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2023-27033

Disclosure Date: April 07, 2023 (last updated October 08, 2023)
Prestashop cdesigner v3.1.3 to v3.1.8 was discovered to contain a code injection vulnerability via the component CdesignerSaverotateModuleFrontController::initContent().
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2014-100035

Disclosure Date: January 13, 2015 (last updated October 05, 2023)
SQL injection vulnerability in the ticket grid in the admin interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2014-100034

Disclosure Date: January 13, 2015 (last updated October 05, 2023)
Cross-site scripting (XSS) vulnerability in the frontend interface in LicensePal ArcticDesk before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
0
0
Attacker Value
Unknown

CVE-2014-100033

Disclosure Date: January 13, 2015 (last updated October 05, 2023)
Directory traversal vulnerability in LicensePal ArcticDesk before 1.2.5 allows remote attackers to read arbitrary files via unspecified vectors.
0
0
View More Topics  Next >