blackarrowsec/advisories

blackarrowsec/advisories

Releases0

Stars19

Advisories and Proofs of Concept by BlackArrow

Log in to subscribe

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2022-43216 ↗	Apr 8, 2024Monday, 8 April 2024, 12:15	9.1 CRITICAL	—
AbrhilSoft Employee's Portal before v5.6.2 was discovered to contain a SQL injection vulnerability in the login page.
CVE-2021-33207 ↗	Apr 5, 2022Tuesday, 5 April 2022, 03:15	9.8 CRITICAL	7.5 HIGH
The HTTP client in MashZone NextGen through 10.7 GA deserializes untrusted data when it gets an HTTP response with a 570 status code.
CVE-2021-33523 ↗	Mar 30, 2022Wednesday, 30 March 2022, 23:15	7.2 HIGH	6.5 MEDIUM
MashZone NextGen through 10.7 GA allows a remote authenticated user, with access to the admin console, to upload a new JDBC driver that can execute arbitrary commands on the underlying host. This occurs in com.idsscheer.ppmmashup.business.jdbc.DriverUploadController.
CVE-2021-33208 ↗	Mar 30, 2022Wednesday, 30 March 2022, 22:15	7.2 HIGH	6.5 MEDIUM
The "Register an Ehcache Configuration File" admin feature in MashZone NextGen through 10.7 GA allows XXE attacks via a malicious XML configuration file.
CVE-2021-33581 ↗	Mar 30, 2022Wednesday, 30 March 2022, 22:15	7.2 HIGH	6.5 MEDIUM
MashZone NextGen through 10.7 GA has an SSRF vulnerability that allows an attacker to interact with arbitrary TCP services, by abusing the feature to check the availability of a PPM connection. This occurs in com.idsscheer.ppmmashup.web.webservice.impl.ZPrestoAdminWebService.
CVE-2020-28657 ↗	Mar 2, 2021Tuesday, 2 March 2021, 19:15	9.8 CRITICAL	7.5 HIGH
In bPanel 2.0, the administrative ajax endpoints (aka ajax/aj_*.php) are accessible without authentication and allow SQL injections, which could lead to platform compromise.
CVE-2020-35577 ↗	Feb 18, 2021Thursday, 18 February 2021, 14:15	6.5 MEDIUM	4 MEDIUM
In Endalia Selection Portal before 4.205.0, an Insecure Direct Object Reference (IDOR) allows any authenticated user to download every file uploaded to the platform by changing the value of the file identifier (aka CommonDownload identification number).
CVE-2020-12606 ↗	Aug 17, 2020Monday, 17 August 2020, 14:15	9.8 CRITICAL	7.5 HIGH
An issue was discovered in DB Soft SGLAC before 20.05.001. The ProcedimientoGenerico method in the SVCManejador.svc webservice of the SGLAC web frontend allows an attacker to run arbitrary SQL commands on the SQL Server. Command execution can be easily achieved by using the xp_cmdshell stored procedure.
CVE-2019-18956 ↗	Dec 17, 2019Tuesday, 17 December 2019, 16:15	9.8 CRITICAL	7.5 HIGH
Divisa Proxia Suite 9 < 9.12.16, 9.11.19, 9.10.26, 9.9.8, 9.8.43 and 9.7.10, 10.0 < 10.0.32, and 10.1 < 10.1.5, SparkSpace 1.0 < 1.0.30, 1.1 < 1.1.2, and 1.2 < 1.2.4, and Proxia PHR 1.0 < 1.0.30 and 1.1 < 1.1.2 allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a seria1.0lized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. allows remote code execution via untrusted Java deserialization. The proxia-error cookie is insecurely deserialized in every request (GET or POST). Thus, an unauthenticated attacker can easily craft a serialized payload in order to execute arbitrary code via the prepareError function in the com.divisait.dv2ee.controller.MVCControllerServlet class of the dv2eemvc.jar component. Affected products include Proxia Premium Edition 2017 and Sparkspace.