VYPR
Vendor

Saltos

Products
2
CVEs
10
Across products
10
Status
Private

Products

2

Recent CVEs

10
  • CVE-2018-18761CriNov 16, 2018
    risk 0.68cvss 9.8epss 0.16

    SaltOS 3.1 r8126 allows action=login&querystring=&user=[SQL] SQL Injection.

  • CVE-2018-18763CriNov 16, 2018
    risk 0.67cvss 9.8epss 0.03

    SaltOS 3.1 r8126 allows action=ajax&query=numbers&page=usuarios&action2=[SQL] SQL Injection.

  • CVE-2024-5407CriMay 27, 2024
    risk 0.65cvss 10.0epss 0.01

    A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the "search" parameter in /portal/search.htm. This vulnerability could allow a remote attacker to perform a reverse shell on the remote system, compromising the entire infrastructure.

  • CVE-2019-19459CriDec 3, 2019
    risk 0.64cvss 9.8epss 0.04

    An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. An attacker can write arbitrary content to arbitrary files, as demonstrated by CVE-2019-19458 files under the web root, or .bat files that will be used with auto start. This allows an attacker to execute arbitrary…

  • CVE-2019-19458HigDec 3, 2019
    risk 0.56cvss 8.6epss 0.03

    SALTO ProAccess SPACE 5.4.3.0 allows Directory Traversal in the Data Export feature.

  • CVE-2024-5409HigMay 27, 2024
    risk 0.46cvss 7.1epss 0.00

    RhinOS 3.0-1190 is vulnerable to an XSS via the "tamper" parameter in /admin/lib/phpthumb/phpthumb.php. An attacker could create a malicious URL and send it to a victim to obtain their session details.

  • CVE-2024-5408HigMay 27, 2024
    risk 0.46cvss 7.1epss 0.00

    Vulnerability in RhinOS 3.0-1190 consisting of an XSS through the "search" parameter of /portal/search.htm. This vulnerability could allow a remote attacker to steal details of a victim's user session by submitting a specially crafted URL.

  • CVE-2018-18762MedMar 21, 2019
    risk 0.46cvss 6.5epss 0.06

    SaltOS 3.1 r8126 contains a database download vulnerability.

  • CVE-2019-19460MedDec 3, 2019
    risk 0.36cvss 5.5epss 0.00

    An issue was discovered in SALTO ProAccess SPACE 5.4.3.0. The product's webserver runs as a Windows service with local SYSTEM permissions by default. This is against the principle of least privilege. An attacker who is able to exploit CVE-2019-19458 or CVE-2019-19459 is…

  • CVE-2019-19457MedDec 3, 2019
    risk 0.35cvss 5.4epss 0.01

    SALTO ProAccess SPACE 5.4.3.0 allows XSS.