Search Results | AttackerKB

Show filters

Topics 6 Users 9,708

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

6 Total Results

Displaying 1-6 of 6

Attacker Value

Unknown

CVE-2023-48848

Disclosure Date: November 28, 2023 (last updated December 05, 2023)

An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2023-24187

Disclosure Date: February 14, 2023 (last updated October 08, 2023)

An XML External Entity (XXE) vulnerability in ureport v2.2.9 allows attackers to execute arbitrary code via uploading a crafted XML file to /ureport/designer/saveReportFile.

Attack Vector: Local Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2023-24188

Disclosure Date: February 13, 2023 (last updated October 08, 2023)

ureport v2.2.9 was discovered to contain a directory traversal vulnerability via the deletion function which allows for arbitrary files to be deleted.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2020-21124

Disclosure Date: September 15, 2021 (last updated November 29, 2024)

UReport 2.2.9 allows attackers to execute arbitrary code due to a lack of access control to the designer page.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2020-21122

Disclosure Date: September 15, 2021 (last updated November 29, 2024)

UReport v2.2.9 contains a Server-Side Request Forgery (SSRF) in the designer page which allows attackers to detect intranet device ports.

Attack Vector: Network Privileges: None User Interaction: None

0

Attacker Value

Unknown

CVE-2020-21125

Disclosure Date: September 15, 2021 (last updated November 29, 2024)

An arbitrary file creation vulnerability in UReport 2.2.9 allows attackers to execute arbitrary code.

Attack Vector: Network Privileges: None User Interaction: None

0