CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20117 – TrueConf Server group DOM cross site scripting
https://notcve.org/view.php?id=CVE-2017-20117
29 Jun 2022 — A vulnerability was found in TrueConf Server 4.3.7. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/group. The manipulation leads to basic cross site scripting (DOM). The attack can be launched remotely. • https://vuldb.com/?id.96631 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20116 – TrueConf Server Reflected cross site scripting
https://notcve.org/view.php?id=CVE-2017-20116
29 Jun 2022 — A vulnerability was found in TrueConf Server 4.3.7. It has been classified as problematic. Affected is an unknown function of the file /admin/group/list/. The manipulation of the argument checked_group_id leads to basic cross site scripting (Reflected). It is possible to launch the attack remotely. • https://vuldb.com/?id.96630 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20115 – TrueConf Server Reflected cross site scripting
https://notcve.org/view.php?id=CVE-2017-20115
29 Jun 2022 — A vulnerability was found in TrueConf Server 4.3.7 and classified as problematic. This issue affects some unknown processing of the file /admin/conferences/list/. The manipulation of the argument sort leads to basic cross site scripting (Reflected). The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.96629 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20114 – TrueConf Server Reflected cross site scripting
https://notcve.org/view.php?id=CVE-2017-20114
29 Jun 2022 — A vulnerability has been found in TrueConf Server 4.3.7 and classified as problematic. This vulnerability affects unknown code of the file /admin/conferences/get-all-status/. The manipulation of the argument keys[] leads to basic cross site scripting (Reflected). The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.96628 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2017-20113 – TrueConf Server Stored cross site scripting
https://notcve.org/view.php?id=CVE-2017-20113
29 Jun 2022 — A vulnerability, which was classified as problematic, was found in TrueConf Server 4.3.7. This affects an unknown part. The manipulation leads to basic cross site scripting (Stored). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://vuldb.com/?id.96627 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) •
CVSS: 5.2EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41810 – Script injection in M-Files Server products with versions before 22.2.11051.0, allows executing stored script in admin tool
https://notcve.org/view.php?id=CVE-2021-41810
02 May 2022 — Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable La herramienta de administración permite almacenar datos de configuración con un script que puede ser ejecutado por otro administrador de la bóveda. Requiere autenticación a nivel de administrador de la bóveda y no es explotable remotamente • https://www.m-files.com/about/trust-center/security-advisories/cve-2021-41810 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42973
https://notcve.org/view.php?id=CVE-2021-42973
07 Dec 2021 — NoMachine Server is affected by Integer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Server está afectado por un desbordamiento de enteros. IOCTL Handler 0x22001B en NoMachine Server versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a atacantes locales ejecutar código arbitrario ... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2021-42972
https://notcve.org/view.php?id=CVE-2021-42972
07 Dec 2021 — NoMachine Server is affected by Buffer Overflow. IOCTL Handler 0x22001B in the NoMachine Server above 4.0.346 and below 7.7.4 allow local attackers to execute arbitrary code in kernel mode or cause a denial of service (memory corruption and OS crash) via specially crafted I/O Request Packet. NoMachine Server está afectado por el Desbordamiento del Búfer. IOCTL Handler 0x22001B en NoMachine Server versiones posteriores de 4.0.346 y anteriores a 7.7.4, permite a atacantes locales ejecutar código arbitrario en... • https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2021-31816
https://notcve.org/view.php?id=CVE-2021-31816
08 Jul 2021 — When configuring Octopus Server if it is configured with an external SQL database, on initial configuration the database password is written to the OctopusServer.txt log file in plaintext. Cuando se configura Octopus Server, si está configurado con una base de datos SQL externa, en la configuración inicial la contraseña de la base de datos se escribe en el archivo de registro OctopusServer.txt en texto plano • https://advisories.octopus.com/adv/2021-05---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-31816%29.2121793537.html • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2021-30183
https://notcve.org/view.php?id=CVE-2021-30183
14 May 2021 — Cleartext storage of sensitive information in multiple versions of Octopus Server where in certain situations when running import or export processes, the password used to encrypt and decrypt sensitive values would be written to the logs in plaintext. Un almacenamiento de texto sin cifrar de información confidencial en múltiples versiones de Octopus Server, donde en determinadas situaciones cuando se ejecutan procesos de importación o exportación, la contraseña usada para cifrar y descifrar valores confiden... • https://advisories.octopus.com/adv/2021-03---Cleartext-Storage-of-Sensitive-Information-%28CVE-2021-30183%29.1817083941.html • CWE-312: Cleartext Storage of Sensitive Information •