CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2024-10121 – wfh45678 Radar Interface authorization
https://notcve.org/view.php?id=CVE-2024-10121
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical. This issue affects some unknown processing of the component Interface Handler. The manipulation with the input /../ leads to authorization bypass. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/weliveby/ForCVE/blob/main/radar%20Authentication%20bypass%20vulnerability.md https://vuldb.com/?ctiid.280913 https://vuldb.com/?id.280913 https://vuldb.com/?submit.420960 • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1CVE-2024-10120 – wfh45678 Radar upload unrestricted upload
https://notcve.org/view.php?id=CVE-2024-10120
A vulnerability has been found in wfh45678 Radar up to 1.0.8 and classified as critical. This vulnerability affects unknown code of the file /services/v1/common/upload. The manipulation of the argument file leads to unrestricted upload. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://github.com/weliveby/ForCVE/blob/main/radar%20Arbitrary%20file%20upload%20vulnerability.md https://vuldb.com/?ctiid.280912 https://vuldb.com/?id.280912 https://vuldb.com/?submit.420959 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6324 – F-Secure Radar Open Redirect
https://notcve.org/view.php?id=CVE-2018-6324
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login. F-Secure Radar (local) anterior a 2018-02-15 tiene una redirección no válida mediante el parámetro ReturnUrl que se desencadena al iniciar sesión un usuario. F-Secure Radar suffers from an open redirection vulnerability. • http://oscarhjelm.com/blag/2018/02/f-secure-radar-login-page-unvalidated-redirect-vulnerability http://www.securityfocus.com/bid/103208 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0CVE-2018-6189 – F-Secure Radar Cross Site Scripting
https://notcve.org/view.php?id=CVE-2018-6189
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue. F-Secure Radar (local) anterior a 2018-02-15 tiene XSS mediante vectores relacionados con el parámetro Tags en el cuerpo de la petición JSON en una petición saliente para el recurso /api/latest/vulnerabilityscans/tags/batch. Esto también se conoce como problema "suggested metadata tags for assets". F-Secure Radar suffers from a persistent cross site scripting vulnerability. • http://oscarhjelm.com/blag/2018/02/f-secure-radar-persistent-cross-site-scripting-vulnerability http://www.securityfocus.com/bid/103100 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •