110 matches found
Control iD iDSecure On-premises 授权问题漏洞
Control iD iDSecure On-premises is an access control software from Control iD, a Brazilian company, used to manage personnel and vehicle access. An authorization issue vulnerability exists in Control iD iDSecure On-premises version 4.7.48.0 and prior versions, which stems from improper...
Control iD iDSecure On-premises 注入漏洞
Control iD iDSecure On-premises is an access control software from Control iD, a Brazilian company, used to manage personnel and vehicle access. A SQL injection vulnerability exists in Control iD iDSecure On-premises version 4.7.48.0 and prior versions, which originates from SQL injection and cou...
Control iD iDSecure On-premises 代码问题漏洞
Control iD iDSecure On-premises is an access control software from Control iD, a Brazilian company, used to manage personnel and vehicle access. A code issue vulnerability exists in Control iD iDSecure On-premises version 4.7.48.0 and prior versions, which stems from server-side request forgery a...
CVE-2023-33370
An uncaught exception vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing attackers to cause the main web server of IDSecure to fault and crash, causing a denial of service...
CVE-2023-33367
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on the server's root directory, resulting in remote code execution...
CVE-2023-2044
A vulnerability has been found in Control iD iDSecure 4.7.29.1 and classified as problematic. This vulnerability affects unknown code of the component Dispositivos Page. The manipulation of the argument IP-DNS leads to cross site scripting. The attack can be initiated remotely. VDB-225922 is the...
CVE-2023-0125
A vulnerability was found in Control iD Gerencia Web 1.30. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Web Interface. The manipulation of the argument Nome leads to cross site scripting. The attack can be launched remotely. The...
CVE-2023-6329
An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authentication and act as an administrative use...
CVE-2023-2524
A vulnerability classified as critical has been found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2//. The manipulation leads to direct request. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-228015. NOTE: The...
CVE-2023-2421
A vulnerability classified as problematic has been found in Control iD RHiD 23.3.19.0. Affected is an unknown function of the file /v2//add/department. The manipulation of the argument Name leads to cross site scripting. It is possible to launch the attack remotely. VDB-227718 is the identifier...
CVE-2023-2043
A vulnerability, which was classified as problematic, was found in Control iD RHiD 23.3.19.0. This affects an unknown part of the file /v2/customerdb/operator.svc/a of the component Edit Handler. The manipulation of the argument email leads to sql injection. It is possible to initiate the attack...
CVE-2025-2125
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2124
A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/changepassword of the component API Handler. The manipulation of the argument message leads to cross site scripting. It is possible to...
CVE-2025-2125
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2125
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2124
A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/changepassword of the component API Handler. The manipulation of the argument message leads to cross site scripting. It is possible to...
CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2125
CVE-2025-2125 affects Control iD RH iD 25.2.25.0, specifically the PDF Document Handler. The vulnerability lies in the handling of the parameter nsr for the endpoint /v2/report.svc/comprovante_marcacao/?companyId=1, causing improper control of resource identifiers. The issue is exploitable remote...
CVE-2025-2125 Control iD RH iD PDF Document companyId resource injection
A vulnerability has been found in Control iD RH iD 25.2.25.0 and classified as problematic. This vulnerability affects unknown code of the file /v2/report.svc/comprovantemarcacao/?companyId=1 of the component PDF Document Handler. The manipulation of the argument nsr leads to improper control of...
CVE-2025-2124 Control iD RH iD API change_password cross site scripting
A vulnerability, which was classified as problematic, was found in Control iD RH iD 25.2.25.0. This affects an unknown part of the file /v2/customerdb/person.svc/changepassword of the component API Handler. The manipulation of the argument message leads to cross site scripting. It is possible to...