258 matches found
Ansible: Logic flaw leads to privilege escalation
A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...
CVE-2022-30727
Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in work space...
CVE-2022-26671
Taiwan Secom Dr.ID Access Control system’s login page has a hard-coded credential in the source code. An unauthenticated remote attacker can use the hard-coded credential to acquire partial system information and modify system settings to cause partial disruption of service...
Taiwan Secom Dr.ID Access control Trust Management Issue Vulnerability
Taiwan Secom Dr.ID Access control is an access control system from Taiwan Secom Corporation in Taiwan, China. A security vulnerability exists in the Taiwan Secom Dr.ID Access control system due to a hard-coded credential in the source code of the login page. An unauthenticated remote attacker cou...
CVE-2022-22807
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Product: EcoStruxure EV Charging Expert former...
CVE-2021-24993
The Ultimate Product Catalog WordPress plugin before 5.0.26 does not have authorisation and CSRF checks in some AJAX actions, which could allow any authenticated users, such as subscriber to call them and add arbitrary products, or change the plugin's settings for example...
CVE-2021-22819
A CWE-1021 Improper Restriction of Rendered UI Layers or Frames vulnerability exists that could cause unintended modifications of the product settings or user accounts when deceiving the user to use the web interface rendered within iframes. Affected Products: EVlink City EVC1S22P4 / EVC1S7P4 All...
CVE-2021-20152
Trendnet AC2600 TEW-827DRU version 2.08B01 lacks proper authentication to the bittorrent functionality. If enabled, anyone is able to visit and modify settings and files via the Bittorrent web client by visiting: http://192.168.10.1:9091/transmission/web/...
The vulnerability of Juniper Networks’ 128 Technology Session Smart Router, related to authentication bypass, allows attackers to access internal files, modify settings, manipulate services, and execute arbitrary code.
The vulnerability of Juniper Networks’ 128 Technology Session Smart Router relates to the bypassing of authentication processes. Exploiting this vulnerability allows a remote attacker to access internal files, modify settings, manipulate services, and execute arbitrary code...
CVE-2021-21744
ZTE MF971R product has a configuration file control vulnerability. An attacker could use this vulnerability to modify the configuration parameters of the device, causing some security functions of the device to be disabled...
ZTE MF971R LTE router Security Vulnerability
The ZTE MF971R is a Cat 6 LTE mobile Wi-Fi router with download speeds up to 300mbps and upload speeds up to 50mbps. A configuration file control vulnerability exists in the ZTE MF971R. An attacker could exploit the vulnerability to modify the device's configuration parameters, which could result ...
PYSEC-2021-375
Cobbler before 3.3.0 allows authorization bypass for modification of settings...
UBUNTU-CVE-2021-40325
Cobbler before 3.3.0 allows authorization bypass for modification of settings...
CVE-2021-40325
A flaw was found in cobbler. This flaw lies in the token validation and could allow an attacker to bypass authorization and modify settings...
CVE-2021-1284
A vulnerability in the web-based messaging service interface of Cisco SD-WAN vManage Software could allow an unauthenticated, adjacent attacker to bypass authentication and authorization and modify the configuration of an affected system. To exploit this vulnerability, the attacker must be able t...
SAMSUNG keyboard Security Vulnerability
Samsung keyboard is a cell phone application from Samsung South Korea. It provides an input function. A security vulnerability exists in Samsung keyboard versions prior to SMR Feb-2021 Release 1, which allows a close-range attacker to change arbitrary settings during the initialization state. No...
PT-2020-4665 · Cisco · Cisco Integrated Management Controller
Name of the Vulnerable Software and Affected Versions: Cisco Integrated Management Controller (affected versions not specified). Description: A vulnerability in the API endpoints of Cisco Integrated Management Controller could allow an authenticated, remote attacker to bypass authorization and take...
Synergy Systems & Solutions HUSKY RTU 6049-E70 Access Control Error Vulnerability
Synergy Systems & Solutions HUSKY RTU 6049-E70 is a Remote Terminal Unit RTU from Synergy Systems & Solutions, India. The Synergy Systems & Solutions HUSKY RTU 6049-E70 suffers from an Access Control Error vulnerability that can be exploited by an attacker to change the configuration or perform...
Improper Access Control Vulnerability in RICOH printers
Overview: Multiple RICOH printers contain Improper Access Control (CWE-284). RICOH COMPANY, LTD. reported this vulnerability to IPA to notify users of its solution through JVN. JPCERT/CC and RICOH COMPANY, LTD. coordinated under the Information Security Early Warning Partnership. Impact: A user who c...
CVE-2019-6854
A CWE-287: Improper Authentication vulnerability exists in a folder within EcoStruxure Geo SCADA Expert ClearSCADA (with initial releases before 1 January 2019) which could cause a low privilege user to delete or modify database, setting or certificate files. Those users must have access to the...