Ramikan/Vulnerabilities

GitHub

github.com

Releases0

Stars9

Vulnerabilities Found

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2020-25494 ↗	Dec 18, 2020Friday, 18 December 2020, 15:15	9.8 CRITICAL	7.5 HIGH
Xinuos (formerly SCO) Openserver v5 and v6 allows attackers to execute arbitrary commands via shell metacharacters in outputform or toclevels parameter to cgi-bin/printbook.
CVE-2020-25495 ↗	Dec 18, 2020Friday, 18 December 2020, 15:15	6.1 MEDIUM	4.3 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in Xinuo (formerly SCO) Openserver version 5 and 6 allows remote attackers to inject arbitrary web script or HTML tag via the parameter 'section'.
CVE-2020-25901 ↗	Dec 18, 2020Friday, 18 December 2020, 15:15	6.1 MEDIUM	5.8 MEDIUM
Host Header Injection in Spiceworks 7.5.7.0 allowing the attacker to render arbitrary links that point to a malicious website with poisoned Host header webpages.
CVE-2019-17504 ↗	Oct 11, 2019Friday, 11 October 2019, 17:15	6.1 MEDIUM	4.3 MEDIUM
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.
CVE-2019-17503 ↗	Oct 11, 2019Friday, 11 October 2019, 17:15	5.3 MEDIUM	5 MEDIUM
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. An unauthenticated user can access /osm/REGISTER.cmd (aka /osm_tiles/REGISTER.cmd) directly: it contains sensitive information about the database through the SQL queries within this batch file. This file exposes SQL database information such as database version, table name, column name, etc.
CVE-2019-16645 ↗	Sep 20, 2019Friday, 20 September 2019, 19:15	8.6 HIGH	5 MEDIUM
An issue was discovered in Embedthis GoAhead 2.5.0. Certain pages (such as goform/login and config/log_off_page.htm) create links containing a hostname obtained from an arbitrary HTTP Host header sent by an attacker. This could potentially be used in a phishing attack.
CVE-2019-10887 ↗	Apr 5, 2019Friday, 5 April 2019, 18:29	6.1 MEDIUM	4.3 MEDIUM
A reflected HTML injection vulnerability on Salicru SLC-20-cube3(5) devices running firmware version cs121-SNMP v4.54.82.130611 allows remote attackers to inject arbitrary HTML elements via a /DataLog.csv?log= or /AlarmLog.csv?log= or /waitlog.cgi?name= or /chart.shtml?data= or /createlog.cgi?name= request.
CVE-2019-9591 ↗	Mar 6, 2019Wednesday, 6 March 2019, 16:29	6.1 MEDIUM	4.3 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE before 19.49.1500.0 allows remote attackers to inject arbitrary web script or HTML via the brandUrl parameter.
CVE-2019-9592 ↗	Mar 6, 2019Wednesday, 6 March 2019, 16:29	6.1 MEDIUM	4.3 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 19.45.1602.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter.
CVE-2019-9593 ↗	Mar 6, 2019Wednesday, 6 March 2019, 16:29	6.1 MEDIUM	4.3 MEDIUM
A reflected Cross-site scripting (XSS) vulnerability in ShoreTel Connect ONSITE 18.82.2000.0 allows remote attackers to inject arbitrary web script or HTML via the page parameter.