Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /providers interface. A low-privileged attacker can exploit the vulnerability to create privileged users provide...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /appointments/appointmentId interface. A low-privileged attacker can exploit this vulnerability to obtain,...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /secretaries interface. A low-privilege attacker can exploit the vulnerability to create a low-privilege user...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /providers/providerId interface. A low-privileged attacker can exploit the vulnerability to obtain, modify, or...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments that stems from an insecure authorization issue in the /customers interface. A low-privilege attacker can exploit the vulnerability to create low-privilege users...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /services/serviceId interface. A low-privileged attacker can exploit this vulnerability to gain access to,...
Easy!Appointments Security Vulnerability
Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /appointments interface. A low-privileged attacker can exploit the vulnerability to create appointments for an...
Security Bulletin: IBM InfoSphere Information Server is vulnerable due to insecure authorization (CVE-2023-35022)
Summary: An insecure authorization vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details: CVEID: CVE-2023-35022. DESCRIPTION: IBM InfoSphere Information Server could allow a local user to update projects that they do not have the authorization to access. CVSS Base...
GitLab 12.8 < 12.9.8 / 12.10 < 12.10.7 / 13.0 < 13.0.1 (CVE-2020-13266)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions CVE-2020-13266 Note...
BIT-GITLAB-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...
GitLab Security Vulnerability
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery), and other features. GitLab has a security vulnerability that stems from its insecure authorization...
Authorization
In TOTOLINK EX1200T V4.1.2cu.5215, an attacker can obtain sensitive information (wifikey, wifiname, etc.) without authorization...
GHSA-44GV-FGCJ-W546 Missing Authorization in DayByDay CRM
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. An attacker with the lowest-privilege account (employee type user) can view the appointments of all users in the system, including administrators. However, this type of user is not authorized to view the...
Privilege Escalation
october is vulnerable to privilege escalation. Users with "Publisher" access are able to escalate their access to "Developer" due to insecure authorization in the create & manager users module...
Insecure Authorization
strapi-plugin-content-type-builder suffers from insecure authorization. The admin::hasPermissions restriction for the content-type-builder (CTB) routes is not configured, allowing unauthorized access to the affected resources...
FreeBSD : Gitlab -- Multiple Vulnerabilities (0a305431-bc98-11ea-a051-001b217b3468)
Gitlab reports: Missing Permission Check on Time Tracking; Cross-Site Scripting in PyPi Files API; Insecure Authorization Check on Private Project Security Dashboard; Cross-Site Scripting in References; Cross-Site Scripting in Group Names; Cross-Site Scripting in Blob Viewer; Cross-Site Scripting in...
Gitlab -- Multiple Vulnerabilities
Gitlab reports: Missing Permission Check on Time Tracking; Cross-Site Scripting in PyPi Files API; Insecure Authorization Check on Private Project Security Dashboard; Cross-Site Scripting in References; Cross-Site Scripting in Group Names; Cross-Site Scripting in Blob Viewer; Cross-Site Scripting in...
Authorization
In Unisys Stealth 3.4.x, 4.x and 5.x before 5.0.026, if certificate-based authorization is used without HTTPS, an endpoint could be authorized without a private key...
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...
CVE-2020-13266
Insecure authorization in Project Deploy Keys in GitLab CE/EE 12.8 and later through 13.0.1 allows users to update permissions of other users' deploy keys under certain conditions...