CVE-2024-8969

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators...

CVE-2024-8969 The SYSCOM Group OMFLOW - Exposure of Sensitive Data

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators...

CVE-2024-8969

The CVE-2024-8969 entry concerns OMFLOW by The SYSCOM Group. Affected software/component: OMFLOW; root cause/issue: exposure of password hashes of all users and administrators. Exploitation details in the source documents indicate remote attackers who have logged into the system can obtain these ...

CVE-2024-8969 The SYSCOM Group OMFLOW - Exposure of Sensitive Data

OMFLOW from The SYSCOM Group has a vulnerability involving the exposure of sensitive data. This allows remote attackers who have logged into the system to obtain password hashes of all users and administrators...

SYSCOM OMFLOW 信息泄露漏洞

SYSCOM OMFLOW is an information maintenance management system from China's SYSCOM Corporation. An information disclosure vulnerability exists in SYSCOM OMFLOW version 1.2.0 and prior versions, which originates from a remote attacker who logs into the system and can obtain the password hashes of a...

CVE-2024-8780

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users...

CVE-2024-8779

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...

CVE-2024-8779

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...

CVE-2024-8780

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users...

CVE-2024-8778

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files...

CVE-2024-8777

OMFLOW from The SYSCOM Group has an information leakage vulnerability, allowing unauthorized remote attackers to read arbitrary system configurations. If LDAP authentication is enabled, attackers can obtain plaintext credentials...

CVE-2024-8778

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files...

CVE-2024-8780 The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users...

CVE-2024-8780 The SYSCOM Group OMFLOW - Improper Authorization for Data Query Function

OMFLOW from The SYSCOM Group does not properly restrict the query range of its data query functionality, allowing remote attackers with regular privileges to obtain accounts and password hashes of other users...

CVE-2024-8780

The CVE-2024-8780 issue affects OMFLOW from The SYSCOM Group, where the data query function does not properly restrict the query range. This root cause allows remote attackers with regular privileges (network access, low privilege) to obtain accounts and password hashes of other users, as stated ...

CVE-2024-8779 The SYSCOM Group OMFLOW - Broken Access Control

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...

CVE-2024-8779 The SYSCOM Group OMFLOW - Broken Access Control

OMFLOW from The SYSCOM Group does not properly restrict access to the system settings modification functionality, allowing remote attackers with regular privileges to update system settings or create accounts with administrator privileges, thereby gaining control of the server...

CVE-2024-8779

The CVE-2024-8779 entry concerns OMFLOW by The SYSCOM Group, where access to system settings modification is not properly restricted. The vulnerability allows remote attackers with regular privileges to update system settings or create administrator accounts, potentially gaining full control of t...

CVE-2024-8778

CVE-2024-8778 concerns OMFLOW by The SYSCOM Group. The Connected documents specify that the vulnerability arises from improper validation of user input in the download functionality, enabling remote attackers with regular privileges to read arbitrary system files. Affected product is OMFLOW; impa...

CVE-2024-8778 The SYSCOM Group OMFLOW - Arbitrary File Read

OMFLOW from The SYSCOM Group does not properly validate user input of the download functionality, allowing remote attackers with regular privileges to read arbitrary system files...