CVE-2021-41810 Script injection in M-Files Admin
Script injection in M-Files Admin versions before 22.2.11051.0, allows executing stored script in admin tool. M-Files Admin tool allows storing configuration data with script which may then get run by another vault administrator. Requires vault admin level authentication and is not remotely...
PT-2022-15288 · Juniper Networks · Juniper Networks Paragon Active Assurance
Name of the Vulnerable Software and Affected Versions: Juniper Networks Paragon Active Assurance version 3.1.0 Description: An issue in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially...
CVE-2022-24829
Garden is an automation platform for Kubernetes development and testing. In versions prior to 0.12.39 multiple endpoints did not require authentication. In some operating modes this allows for an attacker to gain access to the application erroneously. The configuration is leaked through the /api...
CVE-2021-35036
A cleartext storage of information vulnerability in the Zyxel VMG3625-T50B firmware version V5.50ABTL.0b2k could allow an authenticated attacker to obtain sensitive information from the configuration file...
Path traversal
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...
CVE-2022-22349
IBM Sterling External Authentication Server 3.4.3.2, 6.0.2.0, and 6.0.3.0 is vulnerable to path traversals, due to not properly validating RESTAPI configuration data. An authorized user could import invalid data which could be used for an attack. IBM X-Force ID: 220144...
CVE-2021-44746
UNIVERGE DT 820 V3.2.7.0 and prior, UNIVERGE DT 830 V5.2.7.0 and prior, UNIVERGE DT 930 V2.4.0.0 and prior, IP Phone Manager V8.9.1 and prior, Data Maintenance Tool for DT900 Series V5.3.0.0 and prior, Data Maintenance Tool for DT800 Series V4.2.0.0 and prior allows a remote attacker who can acce...
CVE-2020-17383
A directory traversal vulnerability on Telos Z/IP One devices through 4.0.0r grants an unauthenticated individual root level access to the device's file system. This can be used to identify configuration settings, password hashes for built-in accounts, and the cleartext password for remote...
Nec Platforms Univerge Dt Security Vulnerability
Nec Platforms Univerge Dt is a series of desktop phones from Nec Platforms Japan. A security vulnerability exists in Univerge Dt that originates from the possibility of obtaining phone configuration information when analyzing packets using IP Phone Manager or data maintenance tools. The following...
CVE-2020-35209
An issue in Atomix v3.1.5 allows unauthorized Atomix nodes to join a target cluster via providing configuration information...
VulnCheck KEV: CVE-2019-18988
TeamViewer Desktop allows for bypass of remote-login access control because the same AES key is used for different customers' installations. If an attacker were to know this key, they could decrypt protected information stored in registry or configuration files or decryption of the Unattended...
CVE-2021-34702
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...
CVE-2021-34702 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...
Cisco Identity Services Engine Security Vulnerability
Cisco Identity Services Engine (ISE) is an environment-aware platform from Cisco. ISE collects real-time information about the network, users, and devices to formulate and enforce policies that regulate the network. A security vulnerability exists in the Cisco Identit...
CVE-2021-41584
Gradle Enterprise before 2021.1.3 can allow unauthorized viewing of a response information disclosure of possibly sensitive build/configuration details via a crafted HTTP request with the X-Gradle-Enterprise-Ajax-Request header...
ROS-2-1234
2.1234 OpenVPN Authentication Bypass CVE-2020-15078 1. Vulnerability Description: The vulnerability allows a remote attacker to bypass authentication and access restrictions to leak VPN configuration data. The issue only occurs on servers that are configured to use deferredauth. Under certain...
HolesWarm Malware Exploits Unpatched Windows, Linux Servers
By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between...
COMMAX Smart Home Ruvie CCTV Bridge DVR Service Unauthenticated Config Write / DoS
Summary COMMAX Smart Home System is a smart IoT home solution for a large apartment complex that provides advanced life values and safety. Description The application allows an unauthenticated attacker to change the configuration of the DVR arguments and/or cause denial-of-service scenario throug...
CVE-2021-32002
Improper Access Control vulnerability in web service of Secomea SiteManager allows local attacker without credentials to gather network information and configuration of the SiteManager. This issue affects: Secomea SiteManager All versions prior to 9.5 on Hardware...
AD Starter Scan - Null sessions
Binary data adsinullsession.nbin...