160 matches found
PT-2024-39226 · Unknown +2 · Msc800 Lft +2
Name of the Vulnerable Software and Affected Versions: MSC800 versions prior to V4.26 MSC800 LFT versions prior to S2.93.20 Description: A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP address over Sopas ET, which can lead to Denial of Service...
SICK MSC800 安全漏洞
The SICK MSC800 is a programmable logic controller PLC from SICK, Germany. A security vulnerability exists in the SICK MSC800 version 4.26 and SICK MSC800 LFT S version 2.93.20, which originates from a denial of service that allows an unauthenticated attacker to modify the IP address of the produ...
The vulnerability of the admin_compliance_framework function in the Group Namespace URL Handler component of the software platform based on Git, which allows a violator to modify the group’s URL address.
The vulnerability of the admincomplianceframework function in the Group Namespace URL Handler component of the software platform based on Git for collaborative code development in GitLab is related to access control deficiencies. Exploiting this vulnerability could allow a malicious actor to modi...
PT-2024-37278 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw in the LDAP testing endpoint allows an attacker with admin access to change the LDAP host URL to a machine they control, potentially leaking domain credentials. This can be achieved...
The vulnerability of the implementations of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon allows attackers to circumvent security restrictions and gain access to user accounts.
The vulnerability of the implementation of CAS, SAML, and OpenID Connect protocols in the web application for deploying distributed social networks like Mastodon is related to deficiencies in the authentication process due to changes in the email address during login to the system. Exploiting thi...
CVE-2023-51663 Hail authentication can be bypassed by changing email address
Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...
CVE-2023-51663 Hail authentication can be bypassed by changing email address
Hail is an open-source, general-purpose, Python-based data analysis tool with additional data types and methods for working with genomic data. Hail relies on OpenID Connect OIDC email addresses from ID tokens to verify the validity of a user's domain, but because users have the ability to change...
Code injection
In PHPJabbers Cleaning Business Software 1.0, lack of verification when changing an email address and/or password on the Profile Page allows remote attackers to take over accounts...
Admin user has an absolute power to withdraw all contract balance, which may raise red flags for investors
Lines of code Vulnerability details Impact Having rug-pull related code is always considered as a red flag for new investors. An admin, who's a single point of failure has access to withdraw function, which allows to withdraw the whole contract balance. Even if the owner is genuine the rug pull...
CVE-2023-3273
Improper Access Control in the SICK ICR890-4 could allow an unauthenticated remote attacker to affect the availability of the device by changing settings of the device such as the IP address based on missing access control...
CVE-2023-26466
A user with non-Admin access can change a configuration file on the client to modify the Server URL...
Virtuozzo Hybrid Infrastructure 5.4 (5.4.0-133)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover compute services, management node high availability, monitoring and alerts, and the user interface. Additionally, this release delivers stability improvements and addresses issues found in previous...
usememos/memos Improper Access Control vulnerability
usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...
GHSA-6W5W-WX8W-2CQ9 usememos/memos Improper Access Control vulnerability
usememos/memos 0.9.0 and prior is vulnerable to full account takeover via changing user name, email address, and display name...
CVE-2022-33186
A vulnerability in Brocade Fabric OS software v9.1.1, v9.0.1e, v8.2.3c, v7.4.2j, and earlier versions could allow a remote unauthenticated attacker to execute on a Brocade Fabric OS switch commands capable of modifying zoning, disabling the switch, disabling ports, and modifying the switch IP...
Single-step process for critical ownership transfer/renounce is risky
Lines of code Vulnerability details Single-step process for critical ownership transfer/renounce is risky Impact The following contracts and functions, allow owners to interact with core functions such as: execute, rawExecute and setApproval in OwnableSmartWallet registerKnotsToSyndicate,...
PT-2022-7651 · Siemens · Logo! 230Rce +7
Name of the Vulnerable Software and Affected Versions: LOGO! 12/24RCE versions 6ED1052-1MD08-0BA1 through 6ED1052-1MD08-0BA2 LOGO! 12/24RCEo versions 6ED1052-2MD08-0BA1 through 6ED1052-2MD08-0BA2 LOGO! 230RCE versions 6ED1052-1FB08-0BA1 through 6ED1052-1FB08-0BA2 LOGO! 230RCEo versions...
Default credentials
In Nagios XI through 5.8.5, it is possible for a user without password verification to change his e-mail address...
CVE-2022-31266
CVE-2022-31266 affects ILIAS up to version 7.10. The issue is a lack of verification when changing the email address on the Profile Page, which allows remote attackers to take over accounts. The vulnerability is documented across multiple sources (Red Hat, NVD, OSV, OpenVAS, CNNVD) with consisten...
Nagios XI 访问控制错误漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI version 5.8.5 and prior versions. An attacker can exploit the...