eric

6 exploits Active since Oct 2021
CVE-2021-32664 WRITEUP HIGH WRITEUP
Combodo iTop < 2.6.5 - Authenticated Stored Cross-Site Scripting on Run Query Page
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
CVSS 8.1
CVE-2021-32663 WRITEUP HIGH WRITEUP
iTop < 2.6.5 - Unauthenticated Server-Side Request Forgery
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
CVSS 8.7
CVE-2021-32664 WRITEUP HIGH WRITEUP
Combodo iTop < 2.6.5 - Authenticated Stored Cross-Site Scripting on Run Query Page
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
CVSS 8.1
CVE-2021-32663 WRITEUP HIGH WRITEUP
iTop < 2.6.5 - Unauthenticated Server-Side Request Forgery
iTop is an open source web based IT Service Management tool. In affected versions an attacker can call the system setup without authentication. Given specific parameters this can lead to SSRF. This issue has been resolved in versions 2.6.5 and 2.7.5 and later
CVSS 8.7
CVE-2021-32664 WRITEUP HIGH WRITEUP
Combodo iTop < 2.6.5 - Authenticated Stored Cross-Site Scripting on Run Query Page
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
CVSS 8.1
CVE-2023-29323 WRITEUP HIGH WRITEUP
OpenSMTPD < 7.0.0 - Denial of Service via Local Scoped IPv6 Address Handling
ascii_load_sockaddr in smtpd in OpenBSD before 7.1 errata 024 and 7.2 before errata 020, and OpenSMTPD Portable before 7.0.0-portable commit f748277, can abort upon a connection from a local, scoped IPv6 address.
CVSS 7.8