Vembu

vembu

7 CVEs • 3 products

Products (3)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2021-43458 1Vembu 1Bdr Suite Nov 21, 2024 Apr 4, 2022 N/A· v4 7.8 HIGH· v3 7.2 HIGH· v2 An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths.
CVE-2021-26474 1Vembu 2Bdr Suite Offsite Dr Nov 21, 2024 Jun 8, 2021 N/A· v4 8.8 HIGH· v3 6.8 MEDIUM· v2 Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.)
CVE-2021-26473 1Vembu 2Bdr Suite Offsite Dr Nov 21, 2024 Jun 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These file...Show more In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. These files can then be executed remotely by calling the file via the web server.Show less
CVE-2021-26472 1Vembu 2Bdr Suite Offsite Dr Nov 21, 2024 Jun 8, 2021 N/A· v4 9.8 CRITICAL· v3 10.0 HIGH· v2 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary O...Show more In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. Using this command argument an unauthenticated attacker can execute arbitrary OS commands with SYSTEM privileges.Show less
CVE-2021-26471 1Vembu 2Bdr Suite Offsite Dr Nov 21, 2024 Jun 8, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell co...Show more In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. Using this command argument an unauthenticated attacker can execute arbitrary shell commands.Show less
CVE-2014-10079 1Vembu 1Storegrid Nov 21, 2024 Feb 23, 2019 N/A· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an ind...Show more In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash.Show less
CVE-2014-10078 1Vembu 1Storegrid Nov 21, 2024 Feb 23, 2019 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfa...Show more Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php.Show less