Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
10 vulnerabilities by aceware
CVE-2022-24581 (GCVE-0-2022-24581)
Vulnerability from nvd – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:13
VLAI
Summary
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24581",
"datePublished": "2022-05-27T18:29:47.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:13:56.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24241 (GCVE-0-2022-24241)
Vulnerability from nvd – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24241",
"datePublished": "2022-05-27T18:29:37.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24240 (GCVE-0-2022-24240)
Vulnerability from nvd – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24240",
"datePublished": "2022-05-27T18:29:26.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24239 (GCVE-0-2022-24239)
Vulnerability from nvd – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24239",
"datePublished": "2022-05-27T18:29:16.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24238 (GCVE-0-2022-24238)
Vulnerability from nvd – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24238",
"datePublished": "2022-05-27T18:29:04.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24581 (GCVE-0-2022-24581)
Vulnerability from cvelistv5 – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:13
VLAI
Summary
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:13:56.660Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:47.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24581",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24581",
"datePublished": "2022-05-27T18:29:47.000Z",
"dateReserved": "2022-02-07T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:13:56.660Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24241 (GCVE-0-2022-24241)
Vulnerability from cvelistv5 – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.355Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24241",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an External Controlled File Path and Name vulnerability via the txtFilePath parameter in attachments.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24241",
"datePublished": "2022-05-27T18:29:37.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.355Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24240 (GCVE-0-2022-24240)
Vulnerability from cvelistv5 – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.365Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:26.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24240",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a SQL injection vulnerability via the criteria parameter in showschedule.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24240",
"datePublished": "2022-05-27T18:29:26.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.365Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24239 (GCVE-0-2022-24239)
Vulnerability from cvelistv5 – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.628Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:16.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain an unrestricted file upload vulnerability via attachments.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24239",
"datePublished": "2022-05-27T18:29:16.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-24238 (GCVE-0-2022-24238)
Vulnerability from cvelistv5 – Published: 2022-05-27 18:29 – Updated: 2024-08-03 04:07
VLAI
Summary
ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://aceware.com | x_refsource_MISC |
| http://aceweb.com | x_refsource_MISC |
| https://www.aceware.com/forum/viewtopic.php?f=7&t=481 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T04:07:02.381Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-27T18:29:04.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceware.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://aceweb.com"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-24238",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ACEweb Online Portal 3.5.065 was discovered to contain a cross-site scripting (XSS) vulnerability via the txtNmName1 parameter in person.awp."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://aceware.com",
"refsource": "MISC",
"url": "http://aceware.com"
},
{
"name": "http://aceweb.com",
"refsource": "MISC",
"url": "http://aceweb.com"
},
{
"name": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481",
"refsource": "MISC",
"url": "https://www.aceware.com/forum/viewtopic.php?f=7\u0026t=481"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-24238",
"datePublished": "2022-05-27T18:29:04.000Z",
"dateReserved": "2022-01-31T00:00:00.000Z",
"dateUpdated": "2024-08-03T04:07:02.381Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}