Blakduk

12 exploits Active since Jan 2023
CVE-2021-37498 (MEDIUM)
Reprisesoftware Reprise License Manager < 17.0 - SSRF
An SSRF issue was discovered in the Reprise License Manager (RLM) web interface through 14.2BL4 that allows remote attackers to trigger outbound requests to intranet servers and conduct port scans via the actserver parameter in the License Activation function.
CVSS 6.5
CVE-2021-37499 (MEDIUM)
Reprisesoftware Reprise License Manager < 17.0 - Injection
A CRLF injection vulnerability in the Reprise License Manager (RLM) web interface through 14.2BL4, in the password parameter of the View License Result function, allows remote attackers to inject arbitrary HTTP headers.
CVSS 6.5
CVE-2021-37500 (HIGH)
Reprisesoftware Reprise License Manager < 16.0 - Path Traversal
A directory traversal vulnerability in the Reprise License Manager (RLM) web interface before 14.2BL4, in the diagnostics function, allows RLM users with sufficient privileges to overwrite any file on the server.
CVSS 8.1
CVE-2023-24322 (MEDIUM)
mojoPortal v2.7.0.0 - XSS
A reflected cross-site scripting (XSS) vulnerability in the FileDialog.aspx component of mojoPortal v2.7.0.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the ed and tbi parameters.
CVSS 6.1
CVE-2023-24323 (HIGH)
Mojoportal v2.7 - XXE Injection
Mojoportal v2.7 was discovered to contain an authenticated XML external entity (XXE) injection vulnerability.
CVSS 8.8
CVE-2023-24684 (HIGH)
ChurchCRM <4.5.3 - SQL Injection
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the EID parameter at GetText.php.
CVSS 7.2
CVE-2023-24685 (HIGH)
ChurchCRM <4.5.3 - SQL Injection
ChurchCRM v4.5.3 and below was discovered to contain a SQL injection vulnerability via the Event parameter under the Event Attendance reports module.
CVSS 7.2
CVE-2023-24686 (MEDIUM)
ChurchCRM <4.5.3 - RCE
An issue in the CSV Import function of ChurchCRM v4.5.3 and below allows attackers to execute arbitrary code by importing a crafted CSV file.
CVSS 4.8
CVE-2023-24687 (MEDIUM)
Mojoportal v2.7.0.0 - XSS
Mojoportal v2.7.0.0 was discovered to contain a stored cross-site scripting (XSS) vulnerability in the Company Info Settings component. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the txtCompanyName parameter.
CVSS 5.4
CVE-2023-24688 (MEDIUM)
Mojoportal v2.7.0.0 - Auth Bypass
An issue in Mojoportal v2.7.0.0 allows an unauthenticated attacker to register a new user even if the Allow User Registrations feature is disabled.
CVSS 5.3
CVE-2023-24689 (MEDIUM)
Mojoportal <2.7.0.0 - Info Disclosure
An issue in Mojoportal v2.7.0.0 and below allows an authenticated attacker to list all CSS files inside the root path of the web server via manipulation of the "s" parameter in /DesignTools/ManageSkin.aspx.
CVSS 4.3
CVE-2023-24690 (MEDIUM)
ChurchCRM <4.5.3 - XSS
ChurchCRM v4.5.3 and below was discovered to contain a stored cross-site scripting (XSS) vulnerability at /api/public/register/family.
CVSS 5.4