EUVD-2024-36822
Malicious code in bioql PyPI...
CVE-2024-37768
14Finger v1.1 was discovered to contain an arbitrary user deletion vulnerability via the component /api/admin/user?id...
CVE-2024-37767
Insecure permissions in the component /api/admin/user of 14Finger v1.1 allow attackers to access all user information via a crafted GET request...
CVE-2024-37770
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload...
CVE-2024-37769
Insecure permissions in 14Finger v1.1 allow attackers to escalate privileges from normal user to Administrator via a crafted POST request...
CVE-2024-37770
CVE-2024-37770 affects 14Finger v1.1, with a Remote Command Execution (RCE) vulnerability in the fingerprint function that allows an attacker to run arbitrary commands via a crafted payload. The CVSSv3.1 base score is 9.1 (CRITICAL) with network access, low attack complexity, no privileges requir...
PT-2024-27740 · 14Finger · 14Finger
Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1
Description: Insecure permissions in the software allow attackers to escalate privileges from a normal user to Administrator via a crafted POST request. This issue can be exploited by sending a manipulated POST request to...
14Finger Security Vulnerability
14Finger is a full-featured Web fingerprint recognition and sharing platform by b1ackc4t individual developers. A security vulnerability exists in version 1.1 of 14Finger, which stems from a vulnerability that allows an attacker to elevate privileges from a regular user to an administrator via a...
CVE-2024-37768
CVE-2024-37768 affects 14Finger v1.1: an arbitrary user deletion vulnerability exists via the endpoint /api/admin/user?id. The CVE entry lists a CRITICAL impact (CVSS v3.1: 9.1) with network access, no user interaction, and no privileges required; impacts include high integrity and high availabil...