Vulnerabilities > Maarch
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-11-23 | CVE-2022-37772 | Improper Restriction of Excessive Authentication Attempts vulnerability in Maarch RM Maarch RM 2.8.3 solution contains an improper restriction of excessive authentication attempts due to excessive verbose responses from the application. | 7.5 |
2022-11-23 | CVE-2022-37773 | SQL Injection vulnerability in Maarch RM An authenticated SQL Injection vulnerability in the statistics page (/statistics/retrieve) of Maarch RM 2.8, via the filter parameter, allows the complete disclosure of all databases. | 6.5 |
2022-11-23 | CVE-2022-37774 | Improper Authentication vulnerability in Maarch RM There is a broken access control vulnerability in the Maarch RM 2.8.3 solution. | 5.3 |
2020-01-17 | CVE-2019-15855 | Path Traversal vulnerability in Maarch RM An issue was discovered in Maarch RM before 2.5. | 6.4 |
2020-01-17 | CVE-2019-15854 | Unspecified vulnerability in Maarch RM An issue was discovered in Maarch RM before 2.5. | 6.5 |
2015-02-19 | CVE-2015-1587 | Arbitrary File Upload vulnerability in Maarch Gec/Ged and Letterbox Unrestricted file upload vulnerability in file_to_index.php in Maarch LetterBox 2.8 and earlier and GEC/GED 1.4 and earlier allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension, then accessing it via a request to a predictable filename in tmp/. | 7.5 |
2014-11-20 | CVE-2014-8995 | SQL Injection vulnerability in Maarch Letterbox 2.8 SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie. | 5.0 |
2006-10-25 | CVE-2006-5492 | Information Disclosure vulnerability in Maarch View Documents Unspecified vulnerability in Maerys Archive (Maarch) before 2.0.1 allows remote authenticated users to obtain sensitive information (document contents) via unspecified attack vectors related to "grants." | 4.0 |