Vulnerabilities > Vembu
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-04-04 | CVE-2021-43458 | Unquoted Search Path or Element vulnerability in Vembu BDR Suite 4.2.0.1 An Unquoted Service Path vulnerability exits in Vembu BDR 4.2.0.1 via a specially crafted file in the (1) hsflowd, (2) VembuBDR360Agent, or (3) VembuOffice365Agent service paths. | 7.2 |
| 2021-06-08 | CVE-2021-26471 | Unspecified vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1, the http API located at /sgwebservice_o.php accepts a command argument. | 7.5 |
| 2021-06-08 | CVE-2021-26472 | OS Command Injection vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 installed on Windows, the http API located at /consumerweb/secure/download.php. | 10.0 |
| 2021-06-08 | CVE-2021-26473 | Unrestricted Upload of File with Dangerous Type vulnerability in Vembu BDR Suite and Offsite DR In VembuBDR before 4.2.0.1 and VembuOffsiteDR before 4.2.0.1 the http API located at /sgwebservice_o.php action logFilePath allows an attacker to write arbitrary files in the context of the web server process. | 7.5 |
| 2021-06-08 | CVE-2021-26474 | Cross-Site Request Forgery (CSRF) vulnerability in Vembu BDR Suite and Offsite DR Various Vembu products allow an attacker to execute a (non-blind) http-only Cross Site Request Forgery (Other products or versions of products in this family may be affected too.) | 6.8 |
| 2019-02-23 | CVE-2014-10079 | Information Exposure vulnerability in Vembu Storegrid 4.4 In Vembu StoreGrid 4.4.x, the front page of the server web interface leaks the private IP address in the "ipaddress" hidden form value of the HTML source code, which is disclosed because of incorrect processing of an index.php/ trailing slash. | 5.0 |
| 2019-02-23 | CVE-2014-10078 | Cross-site Scripting vulnerability in Vembu Storegrid 4.4 Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. | 4.3 |