CVE-2021-1464
A vulnerability in Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to bypass authorization checking and gain restricted access to the configuration information of an affected system. This vulnerability exists because the affected software has insufficient input...
Vulnerability discovered in Fortinet FortiManager
UPDATE: Public proof-of-concept (PoC) code for the vulnerability is available. It applies to FortiManager variants that have not yet been patched. Also, researchers have discovered that Fortinet's patch did not fix the full chain of exploitation. Thus, it is still possible to execute code on a patch...
CVE-2024-50334
Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...
CVE-2024-50334 Semicolon Path Injection on API /api;/config
Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT...
CVE-2024-50334
Scoold
Scoold Security Vulnerability
Scoold is an open source team quiz and knowledge sharing platform by Erudika. Scoold suffers from a security vulnerability that stems from a semicolon path injection vulnerability found in the /api;/config endpoint, where by appending a semicolon to a URL, an attacker can bypass authentication an...
PT-2024-29298 · Tropos · Tro600 Series Radios
Name of the Vulnerable Software and Affected Versions: TRO600 series radios (affected versions not specified). Description: The issue concerns the extraction of profile files from TRO600 series radios in both plain-text and encrypted file formats. These profile files contain valuable configuration...
PT-2024-34147 · Scoold · Scoold
Name of the Vulnerable Software and Affected Versions: Scoold versions prior to 1.64.0. Description: A semicolon path injection vulnerability was found on the "/api;/config" endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorized access to sensitive...
Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 (9.8.1.201) and prior versions, which stems from insufficient filtering of...
Cisco UCS Central Security Vulnerability
Cisco UCS Central is a server management software from Cisco USA. The software supports the management of multiple Cisco UCS instances or domains in different locations and environments. Up to 10,000 Cisco UCS servers (blades, racks, and minis) and Cisco HyperFlex systems can be supported using the...
Unspecified Vulnerability in JetBrains YouTrack
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. A security vulnerability exists in...
JetBrains YouTrack Security Vulnerability
JetBrains YouTrack is a project management tool that supports cloud hosting and local deployment, and is primarily geared towards team collaboration management, especially suitable for software development, human resources, marketing, and other scenarios. A security vulnerability exists in...
CVE-2024-42344
A vulnerability has been identified in SINEMA Remote Connect Client (All versions < V3.2 SP2). The affected application inserts sensitive information into a log file which is readable by all legitimate users of the underlying system. This could allow an authenticated attacker to compromise the...
CVE-2024-42344
The CVE-2024-42344 vulnerability affects Siemens SINEMA Remote Connect Client (versions prior to 3.2 SP2). The issue is that the application writes sensitive information into a log file accessible to all legitimate users on the system, potentially exposing other users’ configuration data and impa...
PT-2024-29881 · Siemens · Sinema Remote Connect Client
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Client versions prior to V3.2 SP2. Description: A vulnerability has been identified where the affected application inserts sensitive information into a log file. This log file is readable by all legitimate users of the...
Siemens SINEMA Remote Connect Log Information Disclosure Vulnerability
Siemens SINEMA Remote Connect is a remote management platform from Siemens, Germany. The platform supports efficient and secure remote access to globally distributed machines and ensures secure management of VPN channels between control centers, service engineers and installed equipment. A log...
CVE-2024-39278 Hughes Network Systems Insufficiently Protected Credentials
Credentials to access device configuration information stored unencrypted in flash memory. These credentials would allow read-only access to network configuration information and terminal configuration data...
PT-2024-29989 · Hughes Network Systems +1 · Wl3000 Fusion +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves credentials to access device configuration being transmitted using an unencrypted protocol. This allows read-only access to network...
PT-2024-41039 · Unknown · Knowledge Space
Name of the Vulnerable Software and Affected Versions: Knowledge Space (affected versions not specified). Description: The issue is related to a lack of user permission checks in the Knowledge Space integrated planning platform's application programming interface. This could allow a remote attacker ...
Apache CloudStack Information Disclosure Vulnerability (CNVD-2024-35665)
Apache CloudStack is a suite of Infrastructure as a Service (IaaS) cloud computing platforms from the Apache Foundation in the United States. The platform is primarily used to deploy and manage large networks of virtual machines. An information disclosure vulnerability exists in Apache CloudStack...