RSS   Podatności dla 'Geocall'   RSS

2022-03-10
 
CVE-2022-22834

CWE-91
 

 
An issue was discovered in OverIT Geocall before 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XSLT Injection vulnerability. Attackers could exploit this issue to achieve remote code execution.

 
 
CVE-2022-22835

CWE-611
 

 
An issue was discovered in OverIT Geocall before version 8.0. An authenticated user who has the Test Trasformazione XSL functionality enabled can exploit a XXE vulnerability to read arbitrary files from the filesystem.

 
2019-04-01
 
CVE-2019-5891

CWE-284
 

 
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application.

 
 
CVE-2019-5890

CWE-287
 

 
An issue was discovered in OverIT Geocall 6.3 before build 2:346977. Weak authentication and session management allows an authenticated user to obtain access to the Administrative control panel and execute administrative functions.

 
 
CVE-2019-5889

CWE-22
 

 
An log-management directory traversal issue was discovered in OverIT Geocall 6.3 before build 2:346977.

 
 
CVE-2019-5888

CWE-79
 

 
Multiple XSS vulnerabilities were discovered in OverIT Geocall 6.3 before build 2:346977.

 


Copyright 2024, cxsecurity.com

 

Back to Top