CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-30372 – Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-30372
22 Aug 2024 — Allegra getLinkText Server-Side Template Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of getLinkText method. The issue results from the lack of proper validation of a user-supplied string before processing it with the template engine. • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-1336: Improper Neutralization of Special Elements Used in a Template Engine •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5581 – Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5581
22 Aug 2024 — Allegra unzipFile Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the unzipFile method. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5580 – Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5580
22 Aug 2024 — Allegra loadFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the loadFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-5579 – Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-5579
22 Aug 2024 — Allegra renderFieldMatch Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the renderFieldMatch method. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. • https://alltena.com/en/resources/release-notes/relnotes-7-5-2 • CWE-502: Deserialization of Untrusted Data •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51639 – Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-51639
09 Feb 2024 — Allegra downloadExportedChart Directory Traversal Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the downloadExportedChart action. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. • https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-51638 – Allegra Hard-coded Credentials Authentication Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-51638
09 Feb 2024 — Allegra Hard-coded Credentials Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Allegra. Authentication is not required to exploit this vulnerability. The specific flaw exists within the configuration of a database. The issue results from the use of a hardcoded password. • https://www.trackplus.com/en/service/release-notes-reader/7-5-1-release-notes-2.html • CWE-798: Use of Hard-coded Credentials •