Vulnerabilities (CVE)

Filtered by CWE-643
Total 7 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2024-39565 2024-11-21 N/A 8.8 HIGH
An Improper Neutralization of Data within XPath Expressions ('XPath Injection') vulnerability in J-Web shipped with Juniper Networks Junos OS allows an unauthenticated, network-based attacker to execute remote commands on the target device.  While an administrator is logged into a J-Web session or has previously logged in and subsequently logged out of their J-Web session, the attacker can arbitrarily execute commands on the target device with the other user's credentials. In the worst case, the attacker will have full control over the device. This issue affects Junos OS:  * All versions before 21.2R3-S8,  * from 21.4 before 21.4R3-S7, * from 22.2 before 22.2R3-S4, * from 22.3 before 22.3R3-S3, * from 22.4 before 22.4R3-S2, * from 23.2 before 23.2R2, * from 23.4 before 23.4R1-S1, 23.4R2.
CVE-2024-2648 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability, which was classified as problematic, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /nac/naccheck.php. The manipulation of the argument username leads to improper neutralization of data within xpath expressions. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. VDB-257286 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2024-2645 2024-11-21 4.0 MEDIUM 4.3 MEDIUM
A vulnerability classified as problematic has been found in Netentsec NS-ASG Application Security Gateway 6.3. This affects an unknown part of the file /vpnweb/resetpwd/resetpwd.php. The manipulation of the argument UserId leads to improper neutralization of data within xpath expressions. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-257283. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.
CVE-2023-36433 1 Microsoft 1 Dynamics 365 2024-11-21 N/A 6.5 MEDIUM
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2023-36429 1 Microsoft 1 Dynamics 365 2024-11-21 N/A 6.5 MEDIUM
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2023-24922 1 Microsoft 1 Dynamics 365 2024-11-21 N/A 6.5 MEDIUM
Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability
CVE-2020-25162 1 Bbraun 2 Datamodule Compactplus, Spacecom 2024-11-21 7.8 HIGH 7.5 HIGH
A XPath injection vulnerability in the B. Braun Melsungen AG SpaceCom Version L81/U61 and earlier, and the Data module compactplus Versions A10 and A11 allows unauthenticated remote attackers to access sensitive information and escalate privileges.