Lucene search
+L

184 matches found

BDU FSTEC
BDU FSTEC
added 2023/01/31 12:0 a.m.10 views

The vulnerability of the IBM Rational Change software lies in the lack of protective measures for the website structure, allowing attackers to disclose sensitive information about user accounts.

The vulnerability of the IBM Rational Change software exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose sensitive information related to user accounts...

6.4CVSS6.2AI score0.00931EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/10/31 9:15 p.m.5 views

CVE-2022-40292

The application allowed for Unauthenticated User Enumeration by interacting with an unsecured endpoint to retrieve information on each account within the system...

5.3CVSS5.8AI score0.00499EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/08/09 12:0 a.m.7 views

PT-2022-7069 · Adobe · Commerce

Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.3-p2 through 2.4.4 Adobe Commerce versions 2.3.7-p3 and earlier Description: The issue is related to an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could levera...

5.3CVSS5.9AI score0.00696EPSS
Exploits0References6
OSV
OSV
added 2022/07/18 1:15 p.m.4 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5.3CVSS6.7AI score0.03373EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/07/18 1:15 p.m.6 views

CVE-2022-24689

An issue was discovered in DSK DSKNet 2.16.136.0 and 2.17.136.5. It mishandles access control. This allows a remote attacker to access account information pages including personal data without being authenticated. The collected information includes the badge numbers that operate as user login...

5.3CVSS6.2AI score0.00857EPSS
Exploits1References3
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.8 views

The vulnerability of Emerson DeltaV industrial workstations lies in the ability to use strictly encrypted account data, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of Emerson DeltaV industrial workstations lies in the possibility of using rigidly encrypted account data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

6.2CVSS5.5AI score0.00228EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/28 12:0 a.m.8 views

The vulnerability of Emerson DeltaV industrial workstations lies in the ability to use strictly encrypted account data, which allows an intruder to gain unauthorized access to protected information.

The vulnerability of Emerson DeltaV industrial workstations lies in the possibility of using rigidly encrypted account data. Exploiting this vulnerability could allow an intruder to gain unauthorized access to protected information...

6.2CVSS5.5AI score0.00228EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2022/06/23 12:0 a.m.10 views

The vulnerability of microprogrammed software for STARDOM FCN/FCJ programmable logic controllers lies in the possibility of using hard-coded account data, allowing an intruder to gain access to the device.

The vulnerability of microprogrammed software in STARDOM FCN/FCJ programmable logic controllers is related to the possibility of using strictly encrypted account data. Exploiting this vulnerability can allow a remote attacker to gain access to the device...

6.3CVSS7.1AI score0.01438EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2022/06/02 12:0 a.m.16 views

The vulnerability of the SCADA system “SKADA-NEV” lies in the unencrypted storage of critical information in memory, allowing attackers to gain access to user account data.

The vulnerability of the SCADA system “SKADA-NEV” is related to the unencrypted storage of critical information in memory. Exploiting this vulnerability can allow an intruder to gain access to user account data...

7.8CVSS5.5AI score
Exploits0Affected Software1
OSV
OSV
added 2022/05/24 5:0 p.m.50 views

GHSA-P9VF-4JX2-5HPP Magento 2 Community Edition Security Bypass

A security bypass vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An unauthenticated user can bypass the email confirmation mechanism via GET request that captures relevant account data obtained from the POST response related to new user creation...

7.5CVSS7.6AI score0.0056EPSS
Exploits0References5
Snyk
Snyk
added 2022/05/24 4:44 p.m.1 views

Improper Removal of Sensitive Information Before Storage or Transfer

Overview Affected versions of this package are vulnerable to Improper Removal of Sensitive Information Before Storage or Transfer via the rest.AnonymousClientConfig method that does not effectively clear service account credentials loaded using rest.InClusterConfig. An attacker can gain...

9.2CVSS7.1AI score0.01492EPSS
Exploits0References2
OSV
OSV
added 2022/04/22 7:15 a.m.5 views

CVE-2022-26672

ASUS WebStorage has a hardcoded API Token in the APP source code. An unauthenticated remote attacker can use this token to establish connections with the server and carry out login attempts to general user accounts. A successful login to a general user account allows the attacker to access, modif...

9.8CVSS5.8AI score0.01151EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.7 views

The vulnerability of the microprogrammed software of the MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ programmable logic controllers, related to the unencrypted storage of user data, allows a intruder to gain increased privileges.

The vulnerability of the microprogrammed logic controllers MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ lies in the unencrypted storage of account data. Exploiting this vulnerability could allow a malicious actor to gain enhanced privileges by using the file 00000001.SYP...

7.4CVSS7.1AI score0.01318EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/04/13 12:0 a.m.8 views

The vulnerability of the microprogrammed software of the MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ programmable logic controllers lies in the unencrypted storage of user data, allowing an intruder to gain unauthorized access to the protected information.

The vulnerability of the microprogrammed logic controllers MELSEC iQ-F Series FX5U and MELSEC iQ-F Series FX5UJ lies in the unencrypted storage of account data. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to protected information...

6.8CVSS6.5AI score0.01117EPSS
Exploits0References4
BDU FSTEC
BDU FSTEC
added 2022/02/07 12:0 a.m.8 views

The vulnerability of the centralized system for managing emergency messages and events in CAMS, compared to distributed systems like CENTUM, allows a intruder to cause system failures, including the suppression of emergency signals.

The vulnerability of the centralized system for managing emergency messages and events in CAMS distributed systems like CENTUM is related to the use of pre-set account data. Exploiting this vulnerability could allow a malicious actor to cause server failures, including the suppression of emergenc...

7.8CVSS7.7AI score0.00981EPSS
Exploits0References3
CNNVD
CNNVD
added 2021/12/30 12:0 a.m.4 views

Netgear Nighthawk R6700 加密问题漏洞

The Netgear Nighthawk R6700 is a wireless router from Netgear, Inc. An encryption vulnerability exists in the Netgear Nighthawk R6700, which stems from the product's failure to encrypt account information. An attacker could obtain plaintext account information in the Zhu configuration file throug...

7.5CVSS5.6AI score0.00589EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2021/12/20 12:0 a.m.7 views

The vulnerability of the FortiSIEM Windows Agent security management system lies in the fact that user credentials are stored as plain-text files in log files. This allows attackers to gain unauthorized access to the protected information.

The vulnerability of the FortiSIEM Windows Agent security management system lies in the fact that account data is stored as plain-text files in log files. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information...

5.5CVSS5.9AI score0.00212EPSS
Exploits0References4Affected Software1
Huntr
Huntr
added 2021/12/02 9:15 a.m.17 views

Cross-site Scripting (XSS) - Stored in livehelperchat/livehelperchat

Description Stored XSS via upload Photo avatar with format .svg in Account data. Detail When opening the attachment, some format files will be rendered and loaded on the browser. So it allows executing arbitrary javascript code that was injected into attachment before. Proof of Concept PoC.svg va...

4.3CVSS0.4AI score0.0085EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2021/11/16 1:34 a.m.2 views

CVE-2021-42337

The permission control of AIFU cashier management salary query function can be bypassed, thus after obtaining general user’s permission, the remote attacker can access account information except passwords by crafting URL parameters...

4.3CVSS5.8AI score0.00868EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2021/11/16 12:0 a.m.10 views

PT-2021-23580 · Aifu · Aifu

Name of the Vulnerable Software and Affected Versions: AIFU affected versions not specified Description: The issue concerns a bypass of permission control in the AIFU cashier management salary query function. This allows a remote attacker, after obtaining general user permission, to access accoun...

4.3CVSS4.5AI score0.00868EPSS
Exploits0References3
Rows per page
Query Builder