869 matches found
CVE-2022-34049
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data...
Design/Logic Flaw
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data...
CVE-2022-34049
An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuration data...
CVE-2022-34049
WAVLINK WN530HG4 (M30HG4.V5030.191116) is affected by an improper access control vulnerability. The Nuclei template specifies that unauthenticated attackers can download log files and configuration data via Exportlogs.sh, with potential for data modification or unauthorized operations. The issue ...
WAVLINK WN530HG4 Security Vulnerability
The WAVLINK WN530HG4 is a wireless router from the Chinese company WAVLINK. A security vulnerability exists in the WAVLINK WN530HG4 M30HG4.V5030.191116 version, which originates from a vulnerability that allows an unauthenticated attacker to download log files and configuration data...
CVE-2021-30327
Buffer overflow in sahara protocol while processing commands leads to overwrite of secure configuration data in Snapdragon Mobile, Snapdragon Compute, Snapdragon Auto, Snapdragon IOT, Snapdragon Connectivity, Snapdragon Voice & Music...
CVE-2021-30327
CVE-2021-30327 describes a buffer overflow in the Sahara protocol during command processing that overwrites secure configuration data in Qualcomm Snapdragon products. Affected are Snapdragon Mobile, Compute, Auto, IOT, Connectivity, and Voice & Music lines. Root cause: buffer overflow in Sahara p...
PT-2022-9990 · Qualcomm · Snapdragon Iot +5
Name of the Vulnerable Software and Affected Versions: Snapdragon Mobile affected versions not specified; Snapdragon Compute affected versions not specified; Snapdragon Auto affected versions not specified; Snapdragon IOT affected versions not specified; Snapdragon Connectivity affected versions not...
CVE-2022-31769
IBM Spectrum Copy Data Management 2.2.0.0 through 2.2.15.0 could allow a remote attacker to view product configuration information stored in PostgreSQL, which could be used in further attacks against the system. IBM X-Force ID: 228219...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-64197)
Cisco Common Services Platform Collector (CSPC) is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collecto...
Cisco Common Services Platform Collector Cross-Site Scripting Vulnerability (CNVD-2022-50666)
Cisco Common Services Platform Collector is a common services platform data collector from Cisco USA. The product analyzes network performance and identifies risks and vulnerabilities by polling basic inventory and configuration data from Cisco devices. Cisco Common Services Platform Collector is...
CVE-2021-35249 Domain Admin Broken Access Control
This broken access control vulnerability pertains specifically to a domain admin who can access configuration & user data of other domains which they should not have access to. Please note the admin is unable to modify the data (read-only operation). This UAC issue leads to a data leak to...
SolarWinds Serv-U FTP Server Access Control Error Vulnerability
SolarWinds Serv-U FTP Server is a suite of FTP and MFT file transfer software from SolarWinds Corporation, USA. A security vulnerability exists in SolarWinds Serv-U FTP Server 15.3 and prior versions, which stems from the presence of improper access control in the application. An unauthorized...
GHSA-G569-49WG-JX5F Apache Geode configuration request authorization vulnerability
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...
Apache Geode configuration request authorization vulnerability
When an Apache Geode cluster before v1.4.0 is operating in secure mode, the Geode configuration service does not properly authorize configuration requests. This allows an unprivileged user who gains access to the Geode locator to extract configuration data and previously deployed application code...
GHSA-V49X-8HVM-Q347 Exposure of Sensitive Information in Apache Pluto
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...
Exposure of Sensitive Information in Apache Pluto
The PortletV3AnnotatedDemo Multipart Portlet war file code provided in Apache Pluto version 3.0.0 could allow a remote attacker to obtain sensitive information, caused by the failure to restrict path information provided during a file upload. An attacker could exploit this vulnerability to obtain...
CVE-2021-41810
Script injection in M-Files Admin versions before 22.2.11051.0 allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...
Authentication flaw
Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely exploitable...
CVE-2021-41810
The CVE-2021-41810 issue affects M-Files Server. An administrative tool can store configuration data that may contain a script, which can be executed by another vault administrator. The vulnerability requires vault admin level authentication and is not remotely exploitable per the primary descrip...