VYPR

adAS

by PRiSE

CVEs (11)

  • CVE-2019-15088CriSep 20, 2019
    risk 0.64cvss 9.8epss 0.02

    An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.

  • CVE-2019-14914CriSep 20, 2019
    risk 0.59cvss 9.1epss 0.02

    An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.

  • CVE-2019-15089HigSep 20, 2019
    risk 0.57cvss 8.8epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.

  • CVE-2019-15085HigSep 20, 2019
    risk 0.49cvss 7.5epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.

  • CVE-2019-15087HigSep 20, 2019
    risk 0.47cvss 7.2epss 0.03

    An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

  • CVE-2019-14916MedSep 20, 2019
    risk 0.42cvss 6.5epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.

  • CVE-2019-15086MedSep 20, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.

  • CVE-2019-14915MedSep 20, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.

  • CVE-2019-14912MedSep 20, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

  • CVE-2019-14911MedSep 20, 2019
    risk 0.40cvss 6.1epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.

  • CVE-2019-14913MedSep 20, 2019
    risk 0.35cvss 5.4epss 0.01

    An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.