N0Ipr0Cs

#5288de 53,635
50.2CVSS total
Vulnerabilidades · 8
Média
7
Alta
1
PT-2020-17357
7.5
2020-12-23
Acs · Advanced Comment System · CVE-2020-35598
**Nome do software vulnerável e versões afetadas** ACS Advanced Comment System versão 1.0 **Descrição** A vulnerabilidade permite o acesso a diretórios (Directory Traversal) por meio do endpoint da API `advanced component system/index.php`, especificamente através da variável `ACS path`. Isso pode ser explorado manipulando a variável `ACS path` com um URI como `..%2f`. **Recomendações** Para o ACS Advanced Comment System versão 1.0, como solução temporária, considere restringir o acesso ao endpoint da API `advanced component system/index.php` até que um patch esteja disponível. Evite usar a variável `ACS path` neste endpoint para minimizar o risco de exploração. No momento, não há informações sobre uma versão mais recente que contenha uma correção para este problema.
PT-2018-9961
6.1
2018-05-02
Syncbreeze · Syncbreeze · CVE-2018-10563
Name of the Vulnerable Software and Affected Versions: SyncBreeze versions 10.1 through 10.7 Description: The issue is an XSS that affects SyncBreeze. Recommendations: For versions 10.1 through 10.7, update to a version that contains a fix for this issue.
PT-2018-9962
6.1
2018-05-02
Diskpulse · Diskpulse Enterprise · CVE-2018-10564
Name of the Vulnerable Software and Affected Versions: DiskPulse Enterprise versions 10.4 through 10.7 Description: A cross-site scripting issue exists, potentially allowing for malicious script execution. Recommendations: For versions 10.4 through 10.7, update to a version later than 10.7 to resolve the issue.
PT-2018-9963
6.1
2018-05-02
Flexense · Disksavvy Enterprise · CVE-2018-10565
Name of the Vulnerable Software and Affected Versions: DiskSavvy Enterprise versions 10.4 through 10.7 Description: A cross-site scripting (XSS) issue exists. Recommendations: For versions 10.4 through 10.7, update to a version that contains a fix for this issue.
PT-2018-9804
6.1
2018-05-02
Flexense · Diskboss Enterprise · CVE-2018-10294
Name of the Vulnerable Software and Affected Versions: DiskBoss Enterprise versions 7.4.28 through 9.1.16 Description: The issue is related to a Cross-Site Scripting (XSS) problem. Recommendations: For versions 7.4.28 through 9.1.16, update to a version that contains a fix for this issue.
PT-2018-9965
6.1
2018-05-02
Flexense · Vx Search Enterprise · CVE-2018-10567
Name of the Vulnerable Software and Affected Versions: Flexense VX Search Enterprise versions 10.1.12 through 10.7 Description: A cross-site scripting (XSS) issue exists. Recommendations: For versions 10.1.12 through 10.7, update to a version that contains a fix for this issue.
PT-2018-9966
6.1
2018-05-02
Flexense · Disksorter Enterprise · CVE-2018-10568
Name of the Vulnerable Software and Affected Versions: DiskSorter Enterprise versions 9.5.12 through 10.7 Description: A cross-site scripting issue exists, potentially allowing for malicious script execution. Recommendations: For versions 9.5.12 through 10.7, update to a version that contains a fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2018-9964
6.1
2018-05-02
Flexense · Dupscout Enterprise · CVE-2018-10566
Name of the Vulnerable Software and Affected Versions: Flexense DupScout Enterprise versions 10.0.18 through 10.7 Description: A cross-site scripting issue exists. Recommendations: For versions 10.0.18 through 10.7, update to a version that contains a fix for this issue.