5112 matches found

Prion
added 2022/06/07 9:15 p.m. | 12 views

Authentication flaw

joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay...

CVSS: 3.3 | AI score: 6.5 | EPSS: 0.00653
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2022/06/07 8:15 p.m. | 65 views

CVE-2022-30466

The CVE-2022-30466 entry documents a vulnerability in the Joy ebike Wolf Manufacturing year 2022 device where authentication can be bypassed via a capture-replay attack. Affected component: the device’s authentication mechanism; root cause described as capture-replay leading to an authentication ...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00653
Exploits: 1 | References: 1 | Affected Software: 1
Cvelist
added 2022/06/07 8:15 p.m. | 19 views

CVE-2022-30466

joyebike Joy ebike Wolf Manufacturing year 2022 is vulnerable to Authentication Bypass by Capture-replay...

AI score: 6.7 | EPSS: 0.00653
Exploits: 1 | References: 1
CNNVD
added 2022/06/07 12:0 a.m. | 4 views

Joy ebike Wolf security vulnerability

Joy ebike Wolf is an electric scooter from Joy ebike India. Joy ebike Wolf Manufacturing 2022 has a security vulnerability that stems from susceptibility to authentication bypass by capture-replay...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.00653
Exploits: 1 | References: 2
NVD
added 2022/06/02 2:15 p.m. | 19 views

CVE-2022-24581

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...

CVSS: 7.5 | EPSS: 0.01107
Exploits: 0 | References: 3
Prion
added 2022/06/02 2:15 p.m. | 16 views

Design/Logic Flaw

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...

CVSS: 5 | AI score: 7.6 | EPSS: 0.01107
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2022/06/01 5:20 p.m. | 738 views

CVE-2022-24848

DHIS2 SQL Injection (CVE-2022-24848) affects the API endpoint /api/programs/orgUnits?programs= for DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The vulnerability requires the attacker to be logged in as a DHIS2 user and could allow reading, editing, or deleting data in the instance’s database....

CVSS: 8.8 | AI score: 8.9 | EPSS: 0.01064
Exploits: 0 | References: 4 | Affected Software: 1
OSV
added 2022/06/01 5:20 p.m. | 27 views

CVE-2022-24848 SQL Injection in DHIS2's in OrgUnit program association

DHIS2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability affects the /api/programs/orgUnits?programs= API endpoint in DHIS2 versions prior to 2.36.10.1 and 2.37.6.1. The system is vulnerable to attack only from...

CVSS: 8.8 | AI score: 8.7 | EPSS: 0.01064
Exploits: 0 | References: 6
BDU FSTEC
added 2022/06/01 12:0 a.m. | 6 views

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in their ability to bypass the authentication process using capture-replay techniques for intercepted parameters. This allows attackers to gain access to the device’s control interface.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the ability to bypass the authentication process by using capture-replay techniques to intercept and replay captured parameters. Exploiting this vulnerability can allow an intruder to gain...

CVSS: 7.6 | AI score: 7.7 | EPSS: 0.01018
Exploits: 0 | References: 5 | Affected Software: 2
wpexploit
added 2022/06/01 12:0 a.m. | 140 views

Icegram < 2.1.8 - Contributor+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some campaign parameters, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. Create/edit a campaign such as a Black Friday one, check the "Use Opt-in / Subscription / Lead capture form" settings and put...

CVSS: 5.4 | AI score: 0.2 | EPSS: 0.00558
Exploits: 2
Cvelist
added 2022/05/27 6:29 p.m. | 19 views

CVE-2022-24581

ACEweb Online Portal 3.5.065 allows unauthenticated SMB hash capture via UNC. By specifying the UNC file path of an external SMB share when uploading a file, an attacker can induce the victim server to disclose the username and password hash of the user executing the ACEweb Online software...

AI score: 7.8 | EPSS: 0.01107
Exploits: 0 | References: 3
CVE
added 2022/05/27 6:29 p.m. | 52 views

CVE-2022-24581

CVE-2022-24581 affects ACEweb Online Portal 3.5.065. The issue allows unauthenticated users to trigger SMB hash disclosure by providing the UNC path of an external SMB share during file upload, causing the victim server to reveal the username and password hash of the ACEweb Online software user. ...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.01107
Exploits: 0 | References: 3 | Affected Software: 1
OSV
added 2022/05/26 7:15 p.m. | 3 views

CVE-2022-26726

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen...

CVSS: 6.5 | AI score: 7.1
Exploits: 0 | References: 4
ATTACKERKB
added 2022/05/26 7:15 p.m. | 3 views

CVE-2022-26726

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen...

CVSS: 6.5 | AI score: 6.8 | EPSS: 0.02219
Exploits: 2 | References: 5
NVD
added 2022/05/26 7:15 p.m. | 20 views

CVE-2022-26726

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen...

CVSS: 6.5 | EPSS: 0.02219
Exploits: 2 | References: 4
Cvelist
added 2022/05/26 6:56 p.m. | 20 views

CVE-2022-26726

This issue was addressed with improved checks. This issue is fixed in Security Update 2022-004 Catalina, watchOS 8.6, macOS Monterey 12.4, macOS Big Sur 11.6.6. An app may be able to capture a user's screen...

AI score: 6.8 | EPSS: 0.02219
Exploits: 2 | References: 4
CVE
added 2022/05/26 6:56 p.m. | 145 views

CVE-2022-26726

CVE-2022-26726 is an Apple macOS/iOS vulnerability describing an issue where an app may be able to capture a user’s screen. The available connected references consistently state the root cause as a privilege/permission-related flaw resolved by Apple. The fixed versions are explicitly listed: Secu...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.02219
Exploits: 2 | References: 4 | Affected Software: 3
OSV
added 2022/05/25 11:9 p.m. | 9 views

GHSA-4G82-3JCR-Q52W Malware in ctx

The ctx hosted project on PyPI was taken over via user account compromise and replaced with a malicious project which contained runtime code that collected the content of os.environ.items when instantiating Ctx objects. The captured environment variables were sent as a base64 encoded query...

AI score: 7.1
Exploits: 0 | References: 4
Github Security Blog
added 2022/05/24 7:4 p.m. | 27 views

Incorrect permission check in XebiaLabs XL Deploy Plugin allows capturing credentials

An incorrect permission check in Jenkins XebiaLabs XL Deploy Plugin 10.0.1 and earlier allows attackers with Generic Create permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing Username/password credentials stored i...

CVSS: 6.5 | AI score: 6.3 | EPSS: 0.00991
Exploits: 0 | References: 5 | Affected Software: 1
Github Security Blog
added 2022/05/24 5:48 p.m. | 32 views

Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01082
Exploits: 0 | References: 5 | Affected Software: 1