Authentication flaw
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay...
CVE-2022-30466
The CVE-2022-30466 entry documents a vulnerability in the Joy ebike Wolf Manufacturing year 2022 device where authentication can be bypassed via a capture-replay attack. Affected component: the device’s authentication mechanism; root cause described as capture-replay leading to an authentication ...
CVE-2022-30466
joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay...
Joy ebike Wolf security vulnerability
Joy ebike Wolf is an electric scooter from Joy ebike India. Joy ebike Wolf Manufacturing year 2022 has a security vulnerability that stems from an authentication bypass by capture-replay...
CVE-2022-24581
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...
Design/Logic Flaw
ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...
CVE-2022-24848
DHIS2 SQL Injection (CVE-2022-24848) affects the API endpoint /api/programs/orgUnits?programs= for DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The vulnerability requires the attacker to be logged in as a DHIS2 user and could allow reading, editing, or deleting data in the instance’s database....
CVE-2022-24848 SQL Injection in DHIS2's OrgUnit program association
DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...
The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in their ability to bypass the authentication process using capture-replay techniques for intercepted parameters. This allows attackers to gain access to the device’s control interface.
The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the ability to bypass the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability can allow an intruder to gain...
Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting
The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...
CVE-2022-24581
CVE-2022-24581 affects ACEweb Online Portal 3.5.065. The issue allows unauthenticated users to trigger SMB hash disclosure by providing the UNC path of an external SMB share during file upload, causing the victim server to reveal the username and password hash of the ACEweb Online software user. ...
CVE-2022-26726
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen...
CVE-2022-26726
CVE-2022-26726 is an Apple macOS/iOS vulnerability describing an issue where an app may be able to capture a user’s screen. The available connected references consistently state the root cause as a privilege/permission-related flaw resolved by Apple. The fixed versions are explicitly listed: Secu...
GHSA-4G82-3JCR-Q52W Malware in ctx
The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code that collected the content of os.environ.items when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query...
Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials
An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...
Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs
Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...