Lucene search
K

80 matches found

NVD
NVD
added 2021/01/04 3:15 a.m.23 views

CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logsajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...

4.8CVSS4.8AI score0.00512EPSS
Exploits1References2
Prion
Prion
added 2021/01/04 3:15 a.m.18 views

Cross site request forgery (csrf)

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executarcentral.php?acao=altsenhaprinc URI...

6.8CVSS8.8AI score0.00528EPSS
Exploits1References2Affected Software1
Prion
Prion
added 2021/01/04 3:15 a.m.19 views

Design/Logic Flaw

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logsajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...

3.5CVSS4.7AI score0.00512EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2021/01/04 2:5 a.m.87 views

CVE-2021-21495

CVE-2021-21495 affects MK-AUTH up to version 19.01 K4.9, where a Cross-Site Request Forgery (CSRF) enables password changes via the URI central/executar_central.php?acao=altsenha_princ. The connected sources consistently describe the vulnerability as a CSRF flaw affecting the password-change func...

8.8CVSS8.8AI score0.00528EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/01/04 2:5 a.m.19 views

CVE-2021-21495

MK-AUTH through 19.01 K4.9 allows CSRF for password changes via the central/executarcentral.php?acao=altsenhaprinc URI...

9.1AI score0.00528EPSS
Exploits1References2
CVE
CVE
added 2021/01/04 2:5 a.m.79 views

CVE-2021-21494

CVE-2021-21494 affects MK-AUTH up to version 19.01 K4.9. It enables a cross-site scripting (XSS) flaw via the admin/logs_ajax.php tipo parameter, allowing an attacker to read the centralmka2 session token cookie, which is not marked HttpOnly. The provided documents consistently describe the vulne...

4.8CVSS4.8AI score0.00512EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2021/01/04 2:5 a.m.27 views

CVE-2021-21494

MK-AUTH through 19.01 K4.9 allows XSS via the admin/logsajax.php tipo parameter. An attacker can leverage this to read the centralmka2 session token cookie, which is not set to HTTPOnly...

5AI score0.00512EPSS
Exploits1References2
NVD
NVD
added 2021/01/03 4:15 a.m.17 views

CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information e.g., a CPF number via a modified titulo aka invoice number value to the central/recibo.php URI...

4.3CVSS4.5AI score0.00856EPSS
Exploits0References2
Prion
Prion
added 2021/01/03 4:15 a.m.14 views

Design/Logic Flaw

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information e.g., a CPF number via a modified titulo aka invoice number value to the central/recibo.php URI...

4CVSS4.5AI score0.00856EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2021/01/03 3:37 a.m.24 views

CVE-2021-3005

MK-AUTH through 19.01 K4.9 allows remote attackers to obtain sensitive information e.g., a CPF number via a modified titulo aka invoice number value to the central/recibo.php URI...

4.8AI score0.00856EPSS
Exploits0References2
CVE
CVE
added 2021/01/03 3:37 a.m.80 views

CVE-2021-3005

CVE-2021-3005 affects MK-AUTH through version 19.01 K4.9. Multiple sources describe an information-disclosure vulnerability where remote attackers can obtain sensitive data (e.g., CPF numbers) by sending a modified titulo (invoice number) to the central/recibo.php URI. The connected documents do ...

4.3CVSS4.4AI score0.00856EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2021/01/03 12:0 a.m.7 views

MK-AUTH Cross-Site Scripting Vulnerability

MK-AUTH is an access control system by the individual developer Pedro Filho in Brazil. A cross-site scripting vulnerability exists in MK-AUTH through version 19.01 K4.9, which originates in the tipo parameter of the admin log ajax.php. An attacker can exploit the vulnerability to read the...

4.8CVSS5.7AI score0.00512EPSS
Exploits1References3
CNNVD
CNNVD
added 2021/01/02 12:0 a.m.9 views

MK-AUTH Security Vulnerability

MK-AUTH is an access control system by the individual developer Pedro Filho in Brazil. A security vulnerability exists in MK-AUTH version 19.01 K4.9 and earlier versions, which allows remote attackers to obtain sensitive information such as CPF numbers to the central recibo.php URI via a modified...

4.3CVSS5.8AI score0.00856EPSS
Exploits0References3
CNVD
CNVD
added 2020/06/30 12:0 a.m.6 views

MK-AUTH cross-site scripting vulnerability (CNVD-2021-17430)

MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A cross-site scripting vulnerability exists in the admin and client scripts in MK-AUTH version 19.01, which can be exploited by an attacker to execute arbitrary JavaScript code...

6.1CVSS6.6AI score0.00685EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/30 12:0 a.m.7 views

MK-AUTH SQL Injection Vulnerability

MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A SQL injection vulnerability exists in the mkt/ PHP script in MK-AUTH version 19.01, which can be exploited by an attacker to execute illegal SQL commands...

6.8CVSS8AI score0.00419EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/30 12:0 a.m.5 views

MK-AUTH Authorization Issues Vulnerability

MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. An authorization issue vulnerability exists in the Web login feature in MK-AUTH version 19.01, which can be exploited by an attacker to bypass authentication and gain client privileges...

9.8CVSS7.2AI score0.01137EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/30 12:0 a.m.8 views

MK-AUTH Trust Management Issue Vulnerability

MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A trust management issue vulnerability exists in the Web login feature in MK-AUTH version 19.01, which can be exploited to bypass authentication and gain administrator access with the help of the...

10CVSS7.2AI score0.0181EPSS
Exploits0References1
CNVD
CNVD
added 2020/06/30 12:0 a.m.7 views

Unspecified Vulnerability in MK-AUTH

MK-AUTH is an access control system from the Brazilian software developer Pedro Filho. A security vulnerability exists in multiple endpoints of the /admin path in MK-AUTH version 19.01, which can be exploited to execute commands using shell metacharacters...

10CVSS7.4AI score0.03372EPSS
Exploits0References1
OSV
OSV
added 2020/06/29 5:15 p.m.3 views

CVE-2020-14069

An issue was discovered in MK-AUTH 19.01. There are SQL injection issues in mkt/ PHP scripts, as demonstrated by arp.php, dhcp.php, hotspot.php, ip.php, pgaviso.php, pgcorte.php, pppoe.php, queues.php, and wifi.php...

6.8CVSS6.7AI score0.00419EPSS
Exploits0References2
NVD
NVD
added 2020/06/29 5:15 p.m.19 views

CVE-2020-14070

An issue was discovered in MK-AUTH 19.01. There is authentication bypass in the web login functionality because guessable credentials to admin/executarlogin.php result in admin access...

10CVSS0.0181EPSS
Exploits0References2
Rows per page
Query Builder