daniele_m

30 exploits, active since Jan 2024
CVE-2023-42225 WRITEUP HIGH
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 - Path Traversal via Attachment/DownloadTempFile
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.
CVSS 7.5
CVE-2023-42226 WRITEUP HIGH
HelpdeskAdvanced <= 11.0.33 - Path Traversal via Email/SaveAttachment Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.
CVSS 7.5
CVE-2023-42227 WRITEUP HIGH
HelpdeskAdvanced <= 11.0.33 - Path Traversal via WSCView/Save Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.
CVSS 7.5
CVE-2023-42228 WRITEUP HIGH
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function.
CVSS 8.8
CVE-2023-42229 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Authenticated Path Traversal via WSConnector SOAP Requests
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.
CVSS 6.5
CVE-2023-42230 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Cross-Site Scripting via WSCView/Save Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the WSCView/Save function.
CVSS 6.1
CVE-2023-42231 WRITEUP HIGH
Zucchetti HelpdeskAdvanced <= 11.0.33 - Incorrect Access Control
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.
CVSS 8.1
CVE-2023-42232 WRITEUP HIGH
HelpdeskAdvanced <= 11.0.33 - Path Traversal via Navigator/Index Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.
CVSS 7.5
CVE-2023-42233 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Cross-Site Scripting via Filter/FilterEditor Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Scripting (XSS) via the Filter/FilterEditor function.
CVSS 6.1
CVE-2023-42234 WRITEUP MEDIUM
HelpdeskAdvanced <= 11.0.33 - Cross-Site Request Forgery via WSCView Function
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Cross Site Request Forgery (CSRF) via the WSCView function.
CVSS 5.4
CVE-2023-42235 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_normalizedtrans.php Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple parameters of /monitor/s_normalizedtrans.php.
CVSS 3.8
CVE-2023-42236 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /common/ajaxfunction.php.
CVSS 3.8
CVE-2023-42237 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_i_command.php GET Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple GET parameters of /vam/vam_i_command.php.
CVSS 3.8
CVE-2023-42238 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_eps.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_eps.php.
CVSS 3.8
CVE-2023-42239 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_ep.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_ep.php.
CVSS 3.8
CVE-2023-42240 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /monitor/s_scheduledfile.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /monitor/s_scheduledfile.php.
CVSS 3.8
CVE-2023-42241 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via vam_anagraphic.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_anagraphic.php.
CVSS 3.8
CVE-2023-42242 WRITEUP LOW
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via GET Parameter
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in a GET parameter of /monitor/s_terminal.php.
CVSS 3.8
CVE-2023-42243 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via Administrative Page
In Selesta Visual Access Manager < 4.42.2, an authenticated user can access the administrative page /common/vam_Sql.php, which allows for arbitrary SQL queries.
CVSS 5.4
CVE-2023-42244 WRITEUP HIGH
Selesta Visual Access Manager < 4.42.2 - Authenticated SQL Injection via /vam/vam_visits.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can perform SQL Injection in multiple POST parameters of /vam/vam_visits.php.
CVSS 8.8
CVE-2023-42245 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via monitor/s_scheduledfile.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_scheduledfile.php.
CVSS 6.1
CVE-2023-42246 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via /vam/vam_ep.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via /vam/vam_ep.php.
CVSS 6.1
CVE-2023-42247 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via monitor/s_monitor_map.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via monitor/s_monitor_map.php.
CVSS 6.1
CVE-2023-42248 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Authenticated Arbitrary File Write via vam_Sql.php POST Parameters
An issue was discovered in Selesta Visual Access Manager (VAM) prior to 4.42.2. An authenticated attacker can write arbitrary files by manipulating POST parameters of the page "common/vam_Sql.php".
CVSS 6.5
CVE-2023-42249 WRITEUP MEDIUM
Selesta Visual Access Manager < 4.42.2 - Cross-Site Scripting via vam/vam_visits.php
Selesta Visual Access Manager < 4.42.2 is vulnerable to Cross Site Scripting (XSS) via vam/vam_visits.php.
CVSS 6.1