
awillix/research
Releases: 0
Stars: 1
CVE History
| CVE | Published | CVSS v3 | CVSS v2 | Description |
|---|---|---|---|---|
| | | 6.1 MEDIUM | 4.3 MEDIUM | ZEROF Web Server 2.0 allows /admin.back XSS. |
| | | 6.1 MEDIUM | 4.3 MEDIUM | Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. |
| | | 9.8 CRITICAL | 7.5 HIGH | ZEROF Web Server 1.0 (April 2021) allows SQL Injection via the /HandleEvent endpoint for the login page. |
| | | 9.8 CRITICAL | 7.5 HIGH | The ZEROF Expert pro/2.0 application for mobile devices allows SQL Injection via the Authorization header to the /v2/devices/add endpoint. |