Web Vul
by Warmbrew
Source repositories
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-44761 | Cri | 0.64 | 9.8 | 0.01 | Aug 28, 2024 | An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests. | ||
| CVE-2024-30802 | Cri | 0.64 | 9.8 | 0.01 | May 14, 2024 | An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component. | ||
| CVE-2024-44759 | Hig | 0.49 | 7.5 | 0.00 | Nov 15, 2024 | An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request. | ||
| CVE-2024-42678 | Med | 0.40 | 6.1 | 0.00 | Aug 15, 2024 | Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component. | ||
| CVE-2024-42680 | Med | 0.36 | 5.5 | 0.00 | Aug 15, 2024 | An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark. | ||
| CVE-2024-30801 | Med | 0.36 | 5.5 | 0.02 | May 14, 2024 | SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component. | ||
| CVE-2024-39178 | Med | 0.35 | 5.4 | 0.00 | Jul 5, 2024 | MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid. |
- risk 0.64cvss 9.8epss 0.01
An issue in EQ Enterprise Management System before v2.0.0 allows attackers to execute a directory traversal via crafted requests.
- risk 0.64cvss 9.8epss 0.01
An issue in Vehicle Management System 7.31.0.3_20230412 allows an attacker to escalate privileges via the login.html component.
- risk 0.49cvss 7.5epss 0.00
An arbitrary file download vulnerability in the component /Doc/DownloadFile of NUS-M9 ERP Management Software v3.0.0 allows attackers to download arbitrary files and access sensitive information via a crafted interface request.
- risk 0.40cvss 6.1epss 0.00
Cross Site Scripting vulnerability in Super easy enterprise management system v.1.0.0 and before allows a local attacker to execute arbitrary code via a crafted script to the /WebSet/DlgGridSet.html component.
- risk 0.36cvss 5.5epss 0.00
An issue in Super easy enterprise management system v.1.0.0 and before allows a local attacker to obtain the server absolute path by entering a single quotation mark.
- risk 0.36cvss 5.5epss 0.02
SQL Injection vulnerability in Cloud based customer service management platform v.1.0.0 allows a local attacker to execute arbitrary code via a crafted payload to Login.asp component.
- risk 0.35cvss 5.4epss 0.00
MyPower vc8100 V100R001C00B030 was discovered to contain an arbitrary file read vulnerability via the component /tcpdump/tcpdump.php?menu_uuid.