|
313721
|
9.8 |
CRITICAL
Network
|
microfocus
|
edirectory
|
Possible
External Service Interaction attack
in eDirectory has been discovered in
OpenText™ eDirectory. This impact all version before 9.2.6.0000.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2021-38132
|
2024-09-19 06:04 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313722
|
6.1 |
MEDIUM
Network
|
microfocus
|
edirectory
|
Possible Cross-Site Scripting (XSS) Vulnerability
in eDirectory has been discovered in
OpenText™ eDirectory 9.2.5.0000.
|
CWE-79
Cross-site Scripting
|
CVE-2021-38131
|
2024-09-19 06:00 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313723
|
6.1 |
MEDIUM
Network
|
i-doit
|
i-doit
|
Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the …
|
CWE-79
Cross-site Scripting
|
CVE-2024-8750
|
2024-09-19 05:38 |
2024-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313724
|
5.3 |
MEDIUM
Network
|
ordat
|
ordat.erp
|
User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password func…
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2024-34336
|
2024-09-19 05:32 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313725
|
6.1 |
MEDIUM
Network
|
ordat
|
ordat.erp
|
ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.
|
CWE-79
Cross-site Scripting
|
CVE-2024-34335
|
2024-09-19 05:32 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313726
|
7.5 |
HIGH
Network
|
ordat
|
ordat.erp
|
ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
|
CWE-89
SQL Injection
|
CVE-2024-34334
|
2024-09-19 05:32 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313727
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publ…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2024-27115
|
2024-09-19 05:32 |
2024-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313728
|
3.1 |
LOW
Network
|
keyfactor
|
ejbca
|
The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CM…
|
NVD-CWE-noinfo
|
CVE-2024-36066
|
2024-09-19 05:28 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313729
|
7.8 |
HIGH
Local
|
wibu
|
wibukey
|
An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in ke…
|
CWE-787
Out-of-bounds Write
|
CVE-2024-45181
|
2024-09-19 05:26 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
313730
|
6.1 |
MEDIUM
Network
|
discourse
|
calendar
|
Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only aff…
|
CWE-79
Cross-site Scripting
|
CVE-2024-45303
|
2024-09-19 05:25 |
2024-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
