184 matches found
The vulnerability of the IBM Rational Change software lies in the lack of protective measures for the website structure, allowing attackers to disclose sensitive information about user accounts.
The vulnerability of the IBM Rational Change software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information related to user accounts...
CVE-2022-40292
The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system...
PT-2022-7069 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 through 2.4.4 Adobe Commerce versions 2.3.7-p3 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could levera...
CVE-2022-24689
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...
CVE-2022-24689
An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...
The vulnerability of Emerson DeltaV industrial workstations lies in the ability to use strictly encrypted account data, which allows an intruder to gain unauthorized access to protected information.
The vulnerability of Emerson DeltaV industrial workstations lies in the possibility of using rigidly encrypted account data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
The vulnerability of Emerson DeltaV industrial workstations lies in the ability to use strictly encrypted account data, which allows an intruder to gain unauthorized access to protected information.
The vulnerability of Emerson DeltaV industrial workstations lies in the possibility of using rigidly encrypted account data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...
The vulnerability of microprogrammed software for STARDOM FCN/FCJ programmable logic controllers lies in the possibility of using hard-coded account data, allowing an intruder to gain access to the device.
The vulnerability of microprogrammed software in STARDOM FCN/FCJ programmable logic controllers is related to the possibility of using strictly encrypted account data. Exploiting this vulnerability can allow a remote attacker to gain access to the device...
The vulnerability of the SCADA system “SKADA-NEV” lies in the unencrypted storage of critical information in memory, allowing attackers to gain access to user account data.
The vulnerability of the SCADA system “SKADA-NEV” is related to the unencrypted storage of critical information in memory. Exploiting this vulnerability can allow an intruder to gain access to user account data...
GHSA-P9VF-4JX2-5HPP Magento 2 Community Edition Security Bypass
A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation...
Improper Removal of Sensitive Information Before Storage or Transfer
Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the rest.AnonymousClientConfig method that does not effectively clear service account credentials loaded using rest.InClusterConfig. An attacker can gain...
CVE-2022-26672
ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modif...
The vulnerability of the microprogrammed software of the MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ programmable logic controllers, related to the unencrypted storage of user data, allows a intruder to gain increased privileges.
The vulnerability of the microprogrammed logic controllers MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ lies in the unencrypted storage of account data. Exploiting this vulnerability could allow a malicious actor to gain enhanced privileges by using the file 00000001.SYP...
The vulnerability of the microprogrammed software of the MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ programmable logic controllers lies in the unencrypted storage of user data, allowing an intruder to gain unauthorized access to the protected information.
The vulnerability of the microprogrammed logic controllers MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ lies in the unencrypted storage of account data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...
The vulnerability of the centralized system for managing emergency messages and events in CAMS, compared to distributed systems like CENTUM, allows a intruder to cause system failures, including the suppression of emergency signals.
The vulnerability of the centralized system for managing emergency messages and events in CAMS distributed systems like CENTUM is related to the use of pre-set account data. Exploiting this vulnerability could allow a malicious actor to cause server failures, including the suppression of emergenc...
Netgear Nighthawk R6700 加密问题漏洞
The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. An encryption vulnerability exists in the Netgear Nighthawk R6700, which stems from the product's failure to encrypt account information. An attacker could obtain plaintext account information in the Zhu configuration file throug...
The vulnerability of the FortiSIEM Windows Agent security management system lies in the fact that user credentials are stored as plain-text files in log files. This allows attackers to gain unauthorized access to the protected information.
The vulnerability of the FortiSIEM Windows Agent security management system lies in the fact that account data is stored as plain-text files in log files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...
Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat
Description Stored XSS via upload Photo avatar with format .svg in Account data. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg va...
CVE-2021-42337
The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters...
PT-2021-23580 · Aifu · Aifu
Name of the Vulnerable Software and Affected Versions: AIFU affected versions not specified Description: The issue concerns a bypass of permission control in the AIFU cashier management salary query function. This allows a remote attacker, after obtaining general user permission, to access accoun...