Lucene search
+L

37 matches found

Positive Technologies
Positive Technologies
added 2024/11/15 12:0 a.m.5 views

PT-2024-11006 · Dolibarr · Dolibarr

Name of the Vulnerable Software and Affected Versions: Dolibarr versions prior to the 'develop' branch Dolibarr versions prior to 15.0.0 Dolibarr versions prior to 63cd063 Description: An Improper Authorization issue exists, allowing a user with restricted permissions in the 'Reception' section t...

4.3CVSS4.4AI score0.00309EPSS
Exploits0References15
Positive Technologies
Positive Technologies
added 2024/10/25 12:0 a.m.6 views

PT-2024-33667 · Zitadel +1 · Zitadel +1

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 2.64.0 Zitadel versions prior to 2.63.5 Zitadel versions prior to 2.62.7 Zitadel versions prior to 2.61.4 Zitadel versions prior to 2.60.4 Zitadel versions prior to 2.59.5 Zitadel versions prior to 2.58.7 Description...

9.9CVSS6.3AI score0.97781EPSS
Exploits21References141
OSV
OSV
added 2024/08/22 5:15 p.m.5 views

CVE-2024-42775

An Incorrect Access Control vulnerability was found in /admin/addroomcontroller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access...

9.1CVSS5.8AI score0.00484EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/22 12:0 a.m.12 views

CVE-2024-42775

An Incorrect Access Control vulnerability was found in /admin/addroomcontroller.php in Kashipara Hotel Management System v1.0, which allows an unauthenticated attacker to add the valid hotel room entries in the administrator section via the direct URL access...

7AI score0.00484EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/08/22 12:0 a.m.4 views

Kashipara Hotel Management System 安全漏洞

Kashipara Hotel Management System is a hotel management system from Kashipara. An Access Control Error vulnerability exists in Kashipara Hotel Management System v1.0, which can be exploited by an unauthenticated attacker to add valid hotel room entries in the administrator section via direct URL...

9.1CVSS6.9AI score0.00484EPSS
Exploits1References3
Veracode
Veracode
added 2024/07/18 9:43 a.m.13 views

Authorization Bypass

silverstripe/reports is vulnerable to Authorization Bypass. The vulnerability is due to a flaw in the implementation of access control mechanisms within the ReportAdmin.php. It allows direct URL access to reports by any user who has access to the reports admin section, irrespective of whether the...

4.3CVSS6.6AI score0.00404EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2024/07/17 8:15 p.m.23 views

CVE-2024-29885

silverstripe/reports is an API for creating backend reports in the Silverstripe Framework. In affected versions reports can be accessed by their direct URL by any user who has access to view the reports admin section, even if the canView method for that report returns false. This issue has been...

4.3CVSS0.00404EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/27 12:0 a.m.4 views

PT-2024-40086 · Packagist · Silverstripe/Framework

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: The issue concerns the reports CMS section, where it only checks the canView function when listing reports that can be viewed by the current user. However, it does not perform this chec...

4.3CVSS6.8AI score
Exploits0References4
OSV
OSV
added 2024/04/10 7:15 p.m.10 views

CVE-2024-28345

An issue discovered in Sipwise C5 NGCP Dashboard below mr11.5.1 allows a low privileged user to access the Journal endpoint by directly visit the URL...

5.5CVSS5.8AI score0.00463EPSS
Exploits2References1
OSV
OSV
added 2021/12/13 11:15 a.m.3 views

CVE-2021-24780

The Single Post Exporter WordPress plugin through 1.1.1 does not have CSRF checks when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and give access to the export feature to any role such as subscriber. Subscriber users would then be able...

4.3CVSS5.9AI score0.00435EPSS
Exploits2References1
CNNVD
CNNVD
added 2021/10/05 12:0 a.m.4 views

ARCHIBUS Web Central 安全漏洞

ARCHIBUS Web Central is a web-based web management center for ARCHIBUS that organizes facility and infrastructure management tasks in an intuitive web browser interface. All infrastructure data is stored in a centralized repository so that authorized users from anywhere in the world can enter, ed...

8.8CVSS7.9AI score0.00847EPSS
Exploits0References1
Hacker One
Hacker One
added 2017/08/27 1:40 p.m.15 views

Stellar.org: Direct URL access to PDF files

hi, I was able to access the following PDF files without any authentication https://www.stellar.org/wp-content/uploads/2014/07/Bylaws-00580045-10.pdf https://www.stellar.org/wp-content/uploads/2014/07/FILED-STELLAR-DEVELOPMENT-FOUNDATION-00594674.pdf the pdf files under path...

1.5AI score
Exploits0
Packet Storm
Packet Storm
added 2016/07/29 12:0 a.m.35 views

Vicon Network Camera Authentication Bypass

TITLE Vicon Network Cameras - Authentication Bypass AUTHOR Reginald Dodd / Information Security Engineer https://www.linkedin.com/in/reginalddodd VENDOR Vicon Industries Inc. http://www.vicon-security.com http://www.vicon-security.com/products/network-cameras/ DESCRIPTION Remote unauthenticated...

0.5AI score
Exploits0
Hacker One
Hacker One
added 2016/07/17 12:23 a.m.291 views

Nextcloud: The application uses basic authentication.

Basic authentication is enabled on file access requests ==================== Description --------------------- Basic authentication is enabled on the server if we request for the direct URL of a file. The issues of using Basic Authentication can be read here - OWASP: Basic Authentication. Though...

0.1AI score
Exploits0
Hacker One
Hacker One
added 2016/01/10 9:39 p.m.24 views

Coinbase: Direct URL access to completed reports

Access to non-HTML contents such as CSV report is not restricted to authenticated users. Anyone would be able to access a CSV report by giving the direct URL and downloading it. The URL could be obtained from browser history. The following URL is an example...

6.7AI score
Exploits0
CNVD
CNVD
added 2015/04/01 12:0 a.m.4 views

Fiyo CMS Direct URL Access Vulnerability

Fiyo CMS is small business phone service and mobile collaboration tool. A direct URL access vulnerability exists in Fiyo CMS. An attacker could exploit the vulnerability to perform unauthorized actions...

7.5CVSS6.8AI score0.11429EPSS
Exploits5References1
Cvelist
Cvelist
added 2006/05/22 11:0 p.m.17 views

CVE-2006-2534

Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the 1 include and 2 themes/original directories...

6.5AI score0.0134EPSS
Exploits0References3
Rows per page
Query Builder