Lucene search
+L

101 matches found

Positive Technologies
Positive Technologies
added 2024/03/01 12:0 a.m.12 views

PT-2024-2150 · Hikvision · Hikcentral Professional

Name of the Vulnerable Software and Affected Versions: HikCentral Professional affected versions not specified Description: The issue is related to insufficient server-side validation, which could allow an attacker to gain access to certain URLs that they should not have access to. This is a...

7.8CVSS7.1AI score0.00567EPSS
Exploits0References13
Veracode
Veracode
added 2024/02/13 7:52 a.m.21 views

Inadequate Access Control

moodle/moodle is vulnerable to Inadequate Access Control. This vulnerability allows unauthorized access by local users to create arbitrary events intended for higher roles. An attacker can add events to the calendar of all users without their prior consent...

6.5CVSS6.6AI score0.00294EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/06 12:0 a.m.10 views

PT-2024-1548 · Unknown · Aria Operations For Networks

Name of the Vulnerable Software and Affected Versions: Aria Operations for Networks affected versions not specified Description: A local privilege escalation issue exists in Aria Operations for Networks, related to inadequate access control. This issue can be exploited by a console user with acce...

7.8CVSS7.8AI score0.00246EPSS
Exploits0References9
Openbugbounty
Openbugbounty
added 2024/01/28 5:47 p.m.11 views

ciglsteinfort.lu Improper Access Control vulnerability OBB-3845228

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/01/17 12:0 a.m.6 views

PT-2024-15711 · Unknown · C21 Live Encoder/Live Mosaic

Name of the Vulnerable Software and Affected Versions: C21 Live Encoder and Live Mosaic version 5.3 Description: The issue is related to inadequate access control, allowing a remote attacker to access the application as an administrator user due to lack of proper credential management. This can b...

9.8CVSS9.2AI score0.0063EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/12/06 12:0 a.m.4 views

PT-2023-8538 · Gitlab · Gitlab Ee Ultimate +2

Name of the Vulnerable Software and Affected Versions: GitLab EE Premium and Ultimate versions 16.4.3 through 16.6.1 Description: The issue is related to inadequate access control in GitLab, allowing subgroup members with the Developer role to potentially push or merge to protected branches in...

6.5CVSS6.9AI score0.0038EPSS
Exploits0References13
Openbugbounty
Openbugbounty
added 2023/12/04 7:35 p.m.4 views

kslflooring.com Improper Access Control vulnerability OBB-3802852

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/11/29 8:59 p.m.7 views

expendedoraepis.com Improper Access Control vulnerability OBB-3798338

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2023/11/14 12:0 a.m.3 views

PT-2023-6947 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to a component of Windows Authentication and is associated with inadequate access control. Exploitation of this issue may allow an attacker to elevate their privileges...

7.8CVSS9.2AI score0.01107EPSS
Exploits0References19
Positive Technologies
Positive Technologies
added 2023/10/26 12:0 a.m.8 views

PT-2023-6588 · Sielco · Sielco Polyeco1000

Name of the Vulnerable Software and Affected Versions: Sielco PolyEco1000 affected versions not specified Description: The issue is related to inadequate access control in the Sielco PolyEco1000 digital fm-transmitter's software. An attacker can exploit this by modifying passwords in POST request...

10CVSS9.3AI score0.00536EPSS
Exploits1References8
Positive Technologies
Positive Technologies
added 2023/10/16 12:0 a.m.6 views

PT-2023-6235 · D Link · D-Link Dir-820L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-820L version 1.05B03 Description: The issue is related to inadequate access control in the firmware of D-Link DIR-820L routers. Exploitation of this issue could allow a remote attacker to execute arbitrary code. Recommendations: Fo...

9.8CVSS7.8AI score0.0085EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2023/10/10 12:0 a.m.2 views

PT-2023-5979 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the file system of the Windows operating system and is associated with inadequate access control. It allows an attacker to elevate their privileges. There is no...

7.8CVSS9.3AI score0.00513EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/09/12 12:0 a.m.7 views

PT-2023-5565 · Huawei · Harmonyos +1

Name of the Vulnerable Software and Affected Versions: DDMP module affected versions not specified Description: The issue is related to a data security classification vulnerability in the DDMP module, which may affect confidentiality. Successful exploitation of this vulnerability could allow a...

7.8CVSS7AI score0.00337EPSS
Exploits0References9
BDU FSTEC
BDU FSTEC
added 2023/06/16 12:0 a.m.6 views

The vulnerability of TeamPass’ password managers, related to inadequate access control, allows attackers to disclose sensitive information that should be protected.

The vulnerability of the TeamPass password manager is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor, operating remotely, to disclose the protected information...

6.8CVSS6.7AI score0.00381EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/13 12:0 a.m.4 views

PT-2023-3191 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to the Windows Authentication component in Windows operating systems and is associated with inadequate access control. It allows an attacker to elevate their privileges...

7CVSS9.2AI score0.00372EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/05/07 12:0 a.m.6 views

PT-2023-3798 · Glpi +2 · Glpi +2

Name of the Vulnerable Software and Affected Versions: GLPI versions 9.5.0 through 10.0.7 Description: The issue is related to inadequate access control in the GLPI system, which can be exploited by a remote attacker to modify or view dashboard data. This is due to an incorrect rights check on a...

10CVSS6.8AI score0.99628EPSS
Exploits27References159
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.5 views

PT-2023-6748 · Dell · Dell Command | Monitor

Name of the Vulnerable Software and Affected Versions: Dell Command | Monitor versions prior to 10.9 Description: The issue is related to inadequate access control in the Dell Command | Monitor software, which can be exploited to delete arbitrary files. A locally authenticated malicious user may...

7.1CVSS6.9AI score0.00155EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/10/11 12:0 a.m.5 views

PT-2022-7049 · Microsoft · Azure Storsimple 8000 Series

Name of the Vulnerable Software and Affected Versions: Microsoft Azure StorSimple 8000 series affected versions not specified Description: The issue is related to inadequate access control in the Microsoft Azure StorSimple 8000 series, which can be exploited to elevate privileges. Recommendations...

7.2CVSS9.3AI score0.0058EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2022/08/19 12:0 a.m.2 views

PT-2022-23015 · Jellyfin · Jellyfin

Name of the Vulnerable Software and Affected Versions: Jellyfin versions prior to 10.8 Description: The issue is related to incorrect access control for admin functionality at the "/users" endpoint. This lack of access control can be leveraged to perform a cross-site scripting attack...

8.8CVSS5.8AI score0.01283EPSS
Exploits2References8
Positive Technologies
Positive Technologies
added 2022/08/16 12:0 a.m.4 views

PT-2022-4416 · Zimbra · Zimbra Collaboration Suite

Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration Suite affected versions not specified Description: The issue is related to the sudo configuration in Zimbra, which allows the zimbra user to execute the zmslapd binary as root with arbitrary parameters. The zmslapd binary...

7.8CVSS8.7AI score0.01683EPSS
Exploits4References12
Rows per page
Query Builder