Lucene search
+L

196 matches found

CVE
CVE
added 2023/04/14 12:0 a.m.52 views

CVE-2022-45170

CVE-2022-45170 affects LIVEBOX Collaboration vDesk (pre-v018) via the endpoint /api/v1/vencrypt/decrypt/file. A malicious user, already logged into a victim’s account, can decipher a file without the user’s key, revealing a cryptographic issue impacting confidentiality. The current sources descri...

6.5CVSS6.3AI score0.00444EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/14 12:0 a.m.53 views

CVE-2022-45178

The CVE-2022-45178 entry concerns LIVEBOX Collaboration vDesk v018 and earlier, where a Broken Access Control flaw exists in multiple endpoints: /api/v1/vdeskintegration/saml/user/createorupdate, /settings/guest-settings, /settings/samlusers-settings, and /settings/users-settings. A logged-in SAM...

8.8CVSS8.7AI score0.00964EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/14 12:0 a.m.153 views

CVE-2022-45180

CVE-2022-45180 affects LIVEBOX Collaboration vDesk (through v018) with Broken Access Control at the /api/v1/vdesk_{DOMAIN]/export endpoint. A user authenticated to the product without special privileges can export information for all users, a function intended for administrators. Public reference...

6.5CVSS6.2AI score0.00713EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2023/04/14 12:0 a.m.65 views

CVE-2022-45174

CVE-2022-45174 affects LIVEBOX Collaboration vDesk versions through v018. The issue allows bypassing Two-Factor Authentication for SAML users via /login/backup_code and /api/v1/vdeskintegration/challenge, by supplying a non-validated backup code, due to improper TOTP verification. Documents descr...

9.8CVSS9.4AI score0.01033EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2023/01/31 6:15 p.m.26 views

CVE-2022-45172

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...

9.8CVSS9.7AI score0.01074EPSS
Exploits1References1
OSV
OSV
added 2023/01/31 6:15 p.m.9 views

CVE-2022-45172

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...

9.8CVSS5.8AI score0.01074EPSS
Exploits1References1
Prion
Prion
added 2023/01/31 6:15 p.m.18 views

Improper access control

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...

7.5CVSS9.6AI score0.01074EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/01/31 12:0 a.m.9 views

LIVEBOX Collaboration vDesk 安全漏洞

LIVEBOX Collaboration vDesk is an application from LIVEBOX, Inc. A security vulnerability exists in LIVEBOX Collaboration vDesk prior to version v018, which stems from an authorization logic flaw that can be exploited by an attacker to perform a privilege escalation to the administrator role and...

9.8CVSS8.4AI score0.01074EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/01/31 12:0 a.m.29 views

CVE-2022-45172

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...

9.9AI score0.01074EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2023/01/31 12:0 a.m.11 views

CVE-2022-45172

An issue was discovered in LIVEBOX Collaboration vDesk before v018. Broken Access Control can occur under the /api/v1/registration/validateEmail endpoint, the /api/v1/vdeskintegration/user/adduser endpoint, and the /api/v1/registration/changePasswordUser endpoint. The web application is affected ...

9.7AI score0.01074EPSS
Exploits1References1
CVE
CVE
added 2023/01/31 12:0 a.m.63 views

CVE-2022-45172

LIVEBOX Collaboration vDesk (pre-v018) is affected by a Broken Access Control issue caused by flaws in authorization logic. The vulnerability enables a malicious user with no privileges to escalate to administrator and access other user accounts via three endpoints: /api/v1/registration/validateE...

9.8CVSS9.5AI score0.01074EPSS
Exploits1References1Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/02/26 12:0 a.m.6 views

The vulnerability in the get_getnetworkconf.cgi script of the Orange Livebo wireless router’s microprogramming software allows a attacker to gain access to protected information.

The vulnerability in the getgetnetworkconf.cgi script of the wireless router’s microprogramming system is caused by a error in the management of registration data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to protected information using the HTTP...

7.8CVSS7.8AI score0.07721EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2018/12/29 12:0 a.m.4 views

Orange Livebox Cross-Site Request Forgery Vulnerability

Orange Livebox is an ADSL Asymmetric Digital Subscriber Line modem. Multiple files in Orange Livebox version 00.96.320S Firmware version 00.96.320S, Boot v0.70.03, Modem version 5.4.1.10.1.1A, Hardware version 02 and Arcadyan ARV7519RW22-A-L T VR9 version 1.2 are vulnerable to cross-site request...

9.4CVSS6.9AI score0.00581EPSS
Exploits1References1
CNVD
CNVD
added 2018/12/29 12:0 a.m.4 views

Orange Livebox Cross-Site Request Forgery Vulnerability (CNVD-2019-03335)

Orange Livebox is an ADSL Asymmetric Digital Subscriber Line modem. In Orange Livebox version 00.96.320S Firmware version 00.96.320S, Boot v0.70.03, Modem version 5.4.1.10.1.1A, Hardware version 02 and Arcadyan ARV7519RW22-A-L T VR9 version 1.2 and Arcadyan ARV7519RW22-A-L T VR9 1.2 versions, a...

5.8CVSS6.9AI score0.00412EPSS
Exploits1References1
OSV
OSV
added 2018/12/28 5:29 p.m.7 views

CVE-2018-20576

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...

5.4CVSS5.9AI score0.00412EPSS
Exploits1References2
Prion
Prion
added 2018/12/28 5:29 p.m.18 views

Cross site request forgery (csrf)

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...

5.8CVSS5.7AI score0.00412EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2018/12/28 5:29 p.m.7 views

CVE-2018-20575

Orange Livebox 00.96.320S devices have an undocumented /systemfirmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2...

7.5CVSS5.8AI score0.0098EPSS
Exploits1References1
NVD
NVD
added 2018/12/28 5:29 p.m.21 views

CVE-2018-20576

Orange Livebox 00.96.320S devices allow cgi-bin/autodialing.exe and cgi-bin/phonetest.exe CSRF, leading to arbitrary outbound telephone calls to an attacker-specified telephone number. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan...

5.8CVSS5.7AI score0.00412EPSS
Exploits1References2
OSV
OSV
added 2018/12/28 5:29 p.m.5 views

CVE-2018-20577

Orange Livebox 00.96.320S devices allow cgi-bin/restore.exe, cgi-bin/firewallSPI.exe, cgi-bin/setupremotemgmt.exe, cgi-bin/setuppass.exe, and cgi-bin/upgradep.exe CSRF. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T...

9.1CVSS5.8AI score0.00581EPSS
Exploits1References1
NVD
NVD
added 2018/12/28 5:29 p.m.24 views

CVE-2018-20575

Orange Livebox 00.96.320S devices have an undocumented /systemfirmwarel.stm URI for manual firmware update. This is related to Firmware 01.11.2017-11:43:44, Boot v0.70.03, Modem 5.4.1.10.1.1A, Hardware 02, and Arcadyan ARV7519RW22-A-L T VR9 1.2...

7.5CVSS7.6AI score0.0098EPSS
Exploits1References1
Rows per page
Query Builder