Search criteria
8 vulnerabilities found for registro_elettronico by axiositalia
CVE-2019-25069 (GCVE-0-2019-25069)
Vulnerability from nvd – Published: 2022-06-09 13:10 – Updated: 2025-04-15 14:30
VLAI
Title
Axios Italia Axios RE Error Message ASP.NET information disclosure
Summary
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely.
Severity
5.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.139528 | x_refsource_MISC |
| https://vuldb.com/?id.139529 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Axios Italia | Axios RE |
Affected:
1.7.0
Affected: 7.0.0 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.139528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.139529"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:58:42.808443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:30:50.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axios RE",
"vendor": "Axios Italia",
"versions": [
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ErPaciocco"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T13:10:32.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.139528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.139529"
}
],
"title": "Axios Italia Axios RE Error Message ASP.NET information disclosure",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2019-25069",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Axios Italia Axios RE Error Message ASP.NET information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Axios RE",
"version": {
"version_data": [
{
"version_value": "1.7.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "Axios Italia"
}
]
}
},
"credit": "ErPaciocco",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.139528",
"refsource": "MISC",
"url": "https://vuldb.com/?id.139528"
},
{
"name": "https://vuldb.com/?id.139529",
"refsource": "MISC",
"url": "https://vuldb.com/?id.139529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2019-25069",
"datePublished": "2022-06-09T13:10:32.000Z",
"dateReserved": "2022-06-04T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:30:50.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25068 (GCVE-0-2019-25068)
Vulnerability from nvd – Published: 2022-06-09 13:10 – Updated: 2025-04-15 14:31
VLAI
Title
Axios Italia Axios RE Connection REDefault.aspx privileges management
Summary
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://vuldb.com/?id.139528 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Axios Italia | Axios RE |
Affected:
1.7.0
Affected: 7.0.0 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.139528"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:38.740532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:31:00.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axios RE",
"vendor": "Axios Italia",
"versions": [
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ErPaciocco"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T13:10:31.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.139528"
}
],
"title": "Axios Italia Axios RE Connection REDefault.aspx privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2019-25068",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Axios Italia Axios RE Connection REDefault.aspx privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Axios RE",
"version": {
"version_data": [
{
"version_value": "1.7.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "Axios Italia"
}
]
}
},
"credit": "ErPaciocco",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.139528",
"refsource": "MISC",
"url": "https://vuldb.com/?id.139528"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2019-25068",
"datePublished": "2022-06-09T13:10:31.000Z",
"dateReserved": "2022-06-04T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:31:00.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7693 (GCVE-0-2019-7693)
Vulnerability from nvd – Published: 2019-02-10 22:00 – Updated: 2024-08-04 20:54
VLAI
Summary
Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pastebin.com/raw/nQ648Dif | x_refsource_MISC |
| http://storage.axiositalia.com/Quick_Guide/Manual… | x_refsource_MISC |
Date Public
2019-02-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/raw/nQ648Dif"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports \"Sissi in Rete (con server)\" for offline operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-10T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/raw/nQ648Dif"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports \"Sissi in Rete (con server)\" for offline operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/raw/nQ648Dif",
"refsource": "MISC",
"url": "https://pastebin.com/raw/nQ648Dif"
},
{
"name": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf",
"refsource": "MISC",
"url": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7693",
"datePublished": "2019-02-10T22:00:00.000Z",
"dateReserved": "2019-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:54:28.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18437 (GCVE-0-2018-18437)
Vulnerability from nvd – Published: 2018-10-23 21:00 – Updated: 2024-08-05 11:08
VLAI
Summary
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.binaryworld.it/guidepoc.asp | x_refsource_MISC |
| https://www.exploit-db.com/exploits/45668/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binaryworld.it/guidepoc.asp"
},
{
"name": "45668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45668/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binaryworld.it/guidepoc.asp"
},
{
"name": "45668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45668/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.binaryworld.it/guidepoc.asp",
"refsource": "MISC",
"url": "http://www.binaryworld.it/guidepoc.asp"
},
{
"name": "45668",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45668/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18437",
"datePublished": "2018-10-23T21:00:00.000Z",
"dateReserved": "2018-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25069 (GCVE-0-2019-25069)
Vulnerability from cvelistv5 – Published: 2022-06-09 13:10 – Updated: 2025-04-15 14:30
VLAI
Title
Axios Italia Axios RE Error Message ASP.NET information disclosure
Summary
A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely.
Severity
5.3 (Medium)
CWE
- CWE-200 - Information Disclosure
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://vuldb.com/?id.139528 | x_refsource_MISC |
| https://vuldb.com/?id.139529 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Axios Italia | Axios RE |
Affected:
1.7.0
Affected: 7.0.0 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:18.940Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.139528"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.139529"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25069",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T16:58:42.808443Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:30:50.640Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axios RE",
"vendor": "Axios Italia",
"versions": [
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ErPaciocco"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Information Disclosure",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T13:10:32.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.139528"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.139529"
}
],
"title": "Axios Italia Axios RE Error Message ASP.NET information disclosure",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2019-25069",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Axios Italia Axios RE Error Message ASP.NET information disclosure"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Axios RE",
"version": {
"version_data": [
{
"version_value": "1.7.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "Axios Italia"
}
]
}
},
"credit": "ErPaciocco",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability, which was classified as problematic, has been found in Axios Italia Axios RE 1.7.0/7.0.0. This issue affects some unknown processing of the component Error Message Handler. The manipulation leads to information disclosure (ASP.NET). The attack may be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "5.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-200 Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.139528",
"refsource": "MISC",
"url": "https://vuldb.com/?id.139528"
},
{
"name": "https://vuldb.com/?id.139529",
"refsource": "MISC",
"url": "https://vuldb.com/?id.139529"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2019-25069",
"datePublished": "2022-06-09T13:10:32.000Z",
"dateReserved": "2022-06-04T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:30:50.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-25068 (GCVE-0-2019-25068)
Vulnerability from cvelistv5 – Published: 2022-06-09 13:10 – Updated: 2025-04-15 14:31
VLAI
Title
Axios Italia Axios RE Connection REDefault.aspx privileges management
Summary
A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely.
Severity
6.3 (Medium)
CWE
- CWE-269 - Improper Privilege Management
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://vuldb.com/?id.139528 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Axios Italia | Axios RE |
Affected:
1.7.0
Affected: 7.0.0 |
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:00:19.045Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://vuldb.com/?id.139528"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2019-25068",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-14T17:13:38.740532Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-15T14:31:00.913Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Axios RE",
"vendor": "Axios Italia",
"versions": [
{
"status": "affected",
"version": "1.7.0"
},
{
"status": "affected",
"version": "7.0.0"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "ErPaciocco"
}
],
"descriptions": [
{
"lang": "en",
"value": "A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T13:10:31.000Z",
"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"shortName": "VulDB"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://vuldb.com/?id.139528"
}
],
"title": "Axios Italia Axios RE Connection REDefault.aspx privileges management",
"x_generator": "vuldb.com",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cna@vuldb.com",
"ID": "CVE-2019-25068",
"REQUESTER": "cna@vuldb.com",
"STATE": "PUBLIC",
"TITLE": "Axios Italia Axios RE Connection REDefault.aspx privileges management"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Axios RE",
"version": {
"version_data": [
{
"version_value": "1.7.0"
},
{
"version_value": "7.0.0"
}
]
}
}
]
},
"vendor_name": "Axios Italia"
}
]
}
},
"credit": "ErPaciocco",
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A vulnerability classified as critical was found in Axios Italia Axios RE 1.7.0/7.0.0. This vulnerability affects unknown code of the file REDefault.aspx of the component Connection Handler. The manipulation of the argument DBIDX leads to privilege escalation. The attack can be initiated remotely."
}
]
},
"generator": "vuldb.com",
"impact": {
"cvss": {
"baseScore": "6.3",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-269 Improper Privilege Management"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://vuldb.com/?id.139528",
"refsource": "MISC",
"url": "https://vuldb.com/?id.139528"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
"assignerShortName": "VulDB",
"cveId": "CVE-2019-25068",
"datePublished": "2022-06-09T13:10:31.000Z",
"dateReserved": "2022-06-04T00:00:00.000Z",
"dateUpdated": "2025-04-15T14:31:00.913Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-7693 (GCVE-0-2019-7693)
Vulnerability from cvelistv5 – Published: 2019-02-10 22:00 – Updated: 2024-08-04 20:54
VLAI
Summary
Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports "Sissi in Rete (con server)" for offline operation.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://pastebin.com/raw/nQ648Dif | x_refsource_MISC |
| http://storage.axiositalia.com/Quick_Guide/Manual… | x_refsource_MISC |
Date Public
2019-02-10 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T20:54:28.451Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pastebin.com/raw/nQ648Dif"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2019-02-10T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports \"Sissi in Rete (con server)\" for offline operation."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-02-10T22:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pastebin.com/raw/nQ648Dif"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-7693",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Axios Italia Axios RE 1.7.0/7.0.0 devices have XSS via the RELogOff.aspx Error_Parameters parameter. In some situations, the XSS would be on the family.axioscloud.it cloud service; however, the vendor also supports \"Sissi in Rete (con server)\" for offline operation."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pastebin.com/raw/nQ648Dif",
"refsource": "MISC",
"url": "https://pastebin.com/raw/nQ648Dif"
},
{
"name": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf",
"refsource": "MISC",
"url": "http://storage.axiositalia.com/Quick_Guide/Manuale_Avviamento.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-7693",
"datePublished": "2019-02-10T22:00:00.000Z",
"dateReserved": "2019-02-10T00:00:00.000Z",
"dateUpdated": "2024-08-04T20:54:28.451Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-18437 (GCVE-0-2018-18437)
Vulnerability from cvelistv5 – Published: 2018-10-23 21:00 – Updated: 2024-08-05 11:08
VLAI
Summary
In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://www.binaryworld.it/guidepoc.asp | x_refsource_MISC |
| https://www.exploit-db.com/exploits/45668/ | exploitx_refsource_EXPLOIT-DB |
Date Public
2018-10-11 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T11:08:21.836Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.binaryworld.it/guidepoc.asp"
},
{
"name": "45668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/45668/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-10-11T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-26T09:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.binaryworld.it/guidepoc.asp"
},
{
"name": "45668",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/45668/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-18437",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.binaryworld.it/guidepoc.asp",
"refsource": "MISC",
"url": "http://www.binaryworld.it/guidepoc.asp"
},
{
"name": "45668",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/45668/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-18437",
"datePublished": "2018-10-23T21:00:00.000Z",
"dateReserved": "2018-10-17T00:00:00.000Z",
"dateUpdated": "2024-08-05T11:08:21.836Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}