daniele_m

30 exploits, active since Jan 2024
CVE-2023-42225 HIGH WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - Path Traversal
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.
CVSS 7.5
CVE-2023-42226 HIGH WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - Path Traversal
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Email/SaveAttachment function.
CVSS 7.5
CVE-2023-42227 HIGH WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - Path Traversal
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.
CVSS 7.5
CVE-2023-42228 HIGH WRITEUP
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function.
CVSS 8.8
CVE-2023-42229 MEDIUM WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - Path Traversal
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.
CVSS 6.5
CVE-2023-42230 MEDIUM WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - XSS
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.
CVSS 6.1
CVE-2023-42231 HIGH WRITEUP
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.
CVSS 8.1
CVE-2023-42232 HIGH WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - Path Traversal
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.
CVSS 7.5
CVE-2023-42233 MEDIUM WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - XSS
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.
CVSS 6.1
CVE-2023-42234 MEDIUM WRITEUP
Zucchetti Helpdeskadvanced < 11.0.33 - CSRF
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.
CVSS 5.4
CVE-2023-42235 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
CVSS 3.8
CVE-2023-42236 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
CVSS 3.8
CVE-2023-42237 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
CVSS 3.8
CVE-2023-42238 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
CVSS 3.8
CVE-2023-42239 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
CVSS 3.8
CVE-2023-42240 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
CVSS 3.8
CVE-2023-42241 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
CVSS 3.8
CVE-2023-42242 LOW WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
CVSS 3.8
CVE-2023-42243 MEDIUM WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
CVSS 5.4
CVE-2023-42244 HIGH WRITEUP
Seling Visual Access Manager < 4.42.2 - SQL Injection
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
CVSS 8.8
CVE-2023-42245 MEDIUM WRITEUP
Seling Visual Access Manager < 4.42.2 - XSS
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
CVSS 6.1
CVE-2023-42246 MEDIUM WRITEUP
Seling Visual Access Manager < 4.42.2 - XSS
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
CVSS 6.1
CVE-2023-42247 MEDIUM WRITEUP
Seling Visual Access Manager < 4.42.2 - XSS
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
CVSS 6.1
CVE-2023-42248 MEDIUM WRITEUP
Seling Visual Access Manager < 4.42.2 - Unrestricted File Upload
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
CVSS 6.5
CVE-2023-42249 MEDIUM WRITEUP
Seling Visual Access Manager < 4.42.2 - XSS
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
CVSS 6.1