
26 matches found

BDU FSTEC
added 2025/07/15 12:00 a.m. · 8 views

The vulnerability of the “Tekon” SCADA system, related to the failure to implement protective measures for the SQL query structure, allows attackers to gain unauthorized access to protected information.

The vulnerability of the SCADA system “Tekon” is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability can allow an attacker operating remotely to gain unauthorized access to protected information...

CVSS 7.6 · AI score 5.6
Exploits: 0 · References: 1 · Affected Software: 1
BDU FSTEC
added 2025/03/17 12:00 a.m. · 6 views

The vulnerability of the web interface of the IBM Sterling B2B Integrator software allows a perpetrator to execute arbitrary code and gain unauthorized access to protected information.

The vulnerability of the web interface of the IBM Sterling B2B Integrator software solution relates to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely and gain unauthorized access to protected...

CVSS 6.4 · AI score 6 · EPSS 0.00215
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2024/10/30 12:00 a.m. · 8 views

The vulnerability of the Digital Platform “ForSight. Analytical Platform” arises from the lack of measures taken to protect the website structure, allowing attackers to carry out XSS attacks.

The vulnerability of the “ForSight. Analytical Platform” digital platform is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to carry out XSS attacks...

CVSS 6.8 · AI score 5.5
Exploits: 0 · Affected Software: 1
Vulnrichment
added 2024/06/10 2:43 p.m. · 18 views

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted CSRF...

CVSS 4.4 · AI score 6.9 · EPSS 0.00166
Exploits: 1 · References: 1
BDU FSTEC
added 2024/02/16 12:00 a.m. · 6 views

The vulnerability of the software for network monitoring and management of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure, allowing attackers to execute arbitrary code.

The vulnerability of the software for network monitoring and management of IT infrastructure on the SolarWinds Platform lies in the lack of protective measures for the SQL query structure. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely...

CVSS 8 · AI score 8.1 · EPSS 0.01536
Exploits: 0 · References: 3 · Affected Software: 1
Vulnrichment
added 2024/02/10 3:24 a.m. · 22 views

CVE-2023-45698 HCL Sametime is impacted by clickjacking

Sametime is impacted by lack of clickjacking protection in Outlook add-in. The application is not implementing appropriate protections in order to protect users from clickjacking attacks...

CVSS 4.8 · AI score 6.9 · EPSS 0.00318
Exploits: 0 · References: 1
BDU FSTEC
added 2024/01/06 12:00 a.m. · 5 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...

CVSS 5.5 · AI score 5.9 · EPSS 0.00597
Exploits: 0 · References: 2 · Affected Software: 2
BDU FSTEC
added 2024/01/06 12:00 a.m. · 3 views

The vulnerability of Adobe Experience Manager’s content and media data management system, related to the lack of measures taken to protect the website structure, allows attackers to carry out XSS attacks.

The vulnerability of the Adobe Experience Manager content and media data management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability could allow a malicious actor to carry out XSS attacks...

CVSS 5.5 · AI score 5.9 · EPSS 0.00597
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2022/12/23 12:00 a.m. · 5 views

The vulnerability of Adobe Experience Manager’s content and media data management system, which stems from the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of Adobe Experience Manager’s content and media data management system exists due to the lack of measures taken to protect the structure of web pages. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks using a specially created link...

CVSS 5.5 · AI score 5.6 · EPSS 0.0048
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2022/09/13 12:00 a.m. · 2 views

PT-2022-5645 · Microsoft · Windows Graphics +1

Name of the Vulnerable Software and Affected Versions: Windows Graphics Component (affected versions not specified). Description: The issue is related to a lack of protection for sensitive data in the Windows Graphics Component. It may allow a remote attacker to gain unauthorized access to a device...

CVSS 7.8 · AI score 6.8 · EPSS 0.01956
Exploits: 0 · References: 10
Huntr
added 2022/08/02 1:47 p.m. · 14 views

No password brute-force protection on login page

Description: The login page doesn't have any protection against a brute-force password attack, which allows an attacker to try every possible password combination without any restriction. Proof of Concept: 1 - Send a login request of the target user: POST http://localhost:3000/api/access-tokens...

AI score 0.7
Exploits: 0
CNVD
added 2022/07/15 12:00 a.m. · 17 views

Samsung GsmAlarmManager Information Disclosure Vulnerability

Samsung GsmAlarmManager is a timing task for Samsung mobile devices. An information disclosure vulnerability exists in Samsung GsmAlarmManager, which stems from a lack of protection of sensitive information in GsmAlarmManager, and can be exploited by local attackers to access the ICCID...

CVSS 2.3 · AI score 3.6 · EPSS 0.00098
Exploits: 0 · References: 1
BDU FSTEC
added 2021/09/08 12:00 a.m. · 6 views

Vulnerability of the /controller/publishHotel.php component of the Hotels Server content management system, allowing a hacker to execute arbitrary code.

The vulnerability of the /controller/publishHotel.php component of the Hotels Server content management system is related to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

CVSS 6.1 · AI score 6.7 · EPSS 0.01246
Exploits: 1 · References: 5 · Affected Software: 1
BDU FSTEC
added 2021/03/02 12:00 a.m. · 7 views

The vulnerability of the graphical interface of the Fortinet FortiManager software, a centralized device management tool, allows a hacker to execute a cross-site scripting attack.

The vulnerability of the graphical interface of the Fortinet FortiManager device management software exists due to the lack of measures taken to protect the website structure. Exploiting this vulnerability allows a malicious actor to perform a cross-site scripting attack using the buffer paramete...

CVSS 4.7 · AI score 5.4
Exploits: 0 · References: 3 · Affected Software: 1
CNNVD
added 2021/01/25 12:00 a.m. · 7 views

MediaWiki Cross-Site Request Forgery Vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki suffers from a cross-site request forgery vulnerability that stems from not having protection...

CVSS 5.3 · AI score 6.6 · EPSS 0.00716
Exploits: 0 · References: 7
BDU FSTEC
added 2020/08/05 12:00 a.m. · 4 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to gain unauthorized access to protected information.

The vulnerability of the Core component of the Oracle VM VirtualBox software lies in the lack of protection for operational data. Exploiting this vulnerability can allow an intruder to gain unauthorized access to protected information...

CVSS 5.3 · AI score 6.7 · EPSS 0.00549
Exploits: 0 · References: 2 · Affected Software: 1
Prion
added 2020/03/20 7:15 p.m. · 13 views

Design/Logic Flaw

RainLoop Webmail before 1.13.0 lacks XSS protection mechanisms such as xlink:href validation, the X-XSS-Protection header, and the Content-Security-Policy header...

CVSS 4.3 · AI score 6 · EPSS 0.00918
Exploits: 0 · References: 2 · Affected Software: 1
BDU FSTEC
added 2020/03/18 12:00 a.m. · 5 views

The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Connected User Experiences and Telemetry Services for Windows operating systems stems from the lack of protection for service-related data. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected information through a specially created...

CVSS 5.5 · AI score 5.9 · EPSS 0.01531
Exploits: 0 · References: 2
BDU FSTEC
added 2020/01/15 12:00 a.m. · 4 views

The vulnerability of the SAP Diagnostic Agent, related to the lack of protection for operational data, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the SAP Diagnostic Agent lies in the lack of protection for operational data. Exploiting this vulnerability allows a malicious actor, operating remotely, to gain unauthorized access to protected information through a specially crafted query...

CVSS 4.3 · AI score 5.5 · EPSS 0.00704
Exploits: 0 · References: 3 · Affected Software: 1
BDU FSTEC
added 2019/05/24 12:00 a.m. · 4 views

The vulnerability of Intel Core processors lies in the lack of protection for system data, which allows attackers to disclose confidential information.

The vulnerability of Intel Core processors is related to the lack of protection for system data. Exploiting this vulnerability can allow attackers to disclose the protected information...

CVSS 3.8 · AI score 5.4 · EPSS 0.00931
Exploits: 0 · References: 4