Lucene search
K

61 matches found

Vulnrichment
Vulnrichment
added 2024/03/29 12:0 a.m.8 views

CVE-2023-49231

An authentication bypass vulnerability was found in Stilog Visual Planning 8. It allows an unauthenticated attacker to receive an administrative API token...

9.8AI score0.42898EPSS
Exploits1References4
CVE
CVE
added 2024/03/29 12:0 a.m.119 views

CVE-2023-49231

An authentication bypass affecting Stilog Visual Planning 8 (pre-build 240207) is documented. A wildcard injection inside a prepared SQL statement in the REST API v2.0 enabled attackers to exfiltrate the REST API key and obtain an administrative API token, granting unauthenticated admin access. T...

9.8CVSS7.1AI score0.42898EPSS
Exploits1References4
GithubExploit
GithubExploit
added 2023/02/16 4:27 a.m.734 views

Exploit for CVE-2023-31711

CVE-2023-31711 Incorrect Access Control in ZKTECO allows...

7.9AI score
Exploits0
Github Security Blog
Github Security Blog
added 2022/05/17 5:22 a.m.36 views

OpenStack Keystone Allows Remote User Account Creation

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

5.8CVSS6.3AI score0.02895EPSS
Exploits1References12Affected Software1
CVE
CVE
added 2022/01/25 7:11 p.m.191 views

CVE-2021-4133

Keycloak vulnerability CVE-2021-4133 affects versions 12.0.0 up to, but not including, 15.1.1. An attacker with an existing user account can create new default user accounts via the administrative REST API even when new user registration is disabled, due to improper authorization validation in th...

8.8CVSS8.3AI score0.01347EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2020/03/13 5:15 p.m.19 views

CVE-2019-12182

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...

9.8CVSS9.8AI score0.04984EPSS
Exploits1References4
Prion
Prion
added 2020/03/13 5:15 p.m.17 views

Directory traversal

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...

7.5CVSS9.6AI score0.04984EPSS
Exploits1References4Affected Software6
Cvelist
Cvelist
added 2020/03/13 4:11 p.m.26 views

CVE-2019-12182

Directory Traversal in Safescan Timemoto and TA-8000 series version 1.0 allows unauthenticated remote attackers to execute code via the administrative API...

9.8AI score0.04984EPSS
Exploits1References4
CVE
CVE
added 2020/03/13 4:11 p.m.45 views

CVE-2019-12182

CVE-2019-12182 describes a Directory Traversal vulnerability in Safescan Timemoto and TA-8000 series (version 1.0) that allows unauthenticated remote code execution via the administrative API. Affected product family is Safescan Timemoto/TA-8000, with identifiers appearing across NVD, Red Hat, CN...

9.8CVSS9.6AI score0.04984EPSS
Exploits1References4Affected Software1
NVD
NVD
added 2020/03/02 4:15 p.m.19 views

CVE-2019-12183

Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...

7.5CVSS7.5AI score0.02068EPSS
Exploits1References3
Prion
Prion
added 2020/03/02 4:15 p.m.13 views

Improper access control

Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...

5CVSS7.5AI score0.02068EPSS
Exploits1References3
Cvelist
Cvelist
added 2020/03/02 3:12 p.m.18 views

CVE-2019-12183

Incorrect Access Control in Safescan Timemoto TM-616 and TA-8000 series allows remote attackers to read any file via the administrative API...

7.5AI score0.02068EPSS
Exploits1References3
CVE
CVE
added 2020/03/02 3:12 p.m.45 views

CVE-2019-12183

CVE-2019-12183 affects Safescan Timemoto TM-616 and TA-8000 series. Description: Incorrect Access Control in the administrative API can let remote attackers read arbitrary files. Root cause: improper access controls in the admin API; impacts are partial confidentiality loss (read access) with net...

7.5CVSS7.5AI score0.02068EPSS
Exploits1References3Affected Software1
Veracode
Veracode
added 2019/05/02 4:43 a.m.21 views

Authorization Bypass

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References10Affected Software1
Veracode
Veracode
added 2019/05/02 4:43 a.m.28 views

Arbitrary Code Execution

Keystone is a Python implementation of the OpenStack http://www.openstack.org identity service API. It was found that Keystone incorrectly handled authorization failures. If a client attempted to change their tenant membership to one they are not authorized to join, Keystone correctly returned a...

7.5CVSS6AI score0.03965EPSS
Exploits0References16Affected Software1
securityvulns
securityvulns
added 2015/10/12 12:0 a.m.59 views

CVE-2015-6237 - Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability

Document Title ================ Tripwire IP360 VnE Remote Administrative API Authentication Bypass/Privilege Acquisition Vulnerability Affected Products =================== Vendor: Tripwire Software/Appliance: IP360 VnE Vulnerability Manager Affected verified versions: v7.2.2 - v7.2.5 CVE =====...

7.5CVSS1.3AI score0.01667EPSS
Exploits1
OSV
OSV
added 2012/09/05 11:55 p.m.2 views

DEBIAN-CVE-2012-3542

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

4.3CVSS6.9AI score0.0248EPSS
Exploits0References1
OSV
OSV
added 2012/09/05 11:55 p.m.14 views

CVE-2012-3542

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

6.4AI score
Exploits0References9
Prion
Prion
added 2012/09/05 11:55 p.m.20 views

Open redirect

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

4.3CVSS6.7AI score0.02895EPSS
Exploits1References9Affected Software2
Debian CVE
Debian CVE
added 2012/09/05 11:0 p.m.36 views

CVE-2012-3542

OpenStack Keystone, as used in OpenStack Folsom before folsom-rc1 and OpenStack Essex 2012.1, allows remote attackers to add an arbitrary user to an arbitrary tenant via a request to update the user's default tenant to the administrative API. NOTE: this identifier was originally incorrectly...

4.3CVSS6.4AI score0.0248EPSS
Exploits0
Rows per page
Query Builder