Latest sparkdevnetwork rock rms Vulnerabilities

Rock RMS versions before 8.10 and versions 9.0 through 9.3 fail to properly validate files uploaded in the application. The only protection mechanism is a file-extension blacklist that can be bypasse...
Sparkdevnetwork Rock Rms <8.10
Sparkdevnetwork Rock Rms >=9.0, <9.4
Rock RMS versions before 8.6 are vulnerable to account takeover by tampering with the user ID parameter in the profile update feature. The lack of validation and use of sequential user IDs allows any us...
Sparkdevnetwork Rock Rms <8.6
Rock RMS before 1.8.6 mishandles vCard access control within the People/GetVCard/REST controller.
Sparkdevnetwork Rock Rms <1.8.6
