Lucene search
K

286 matches found

CNNVD
CNNVD
added 2023/12/08 12:0 a.m.7 views

DoraCMS Security Vulnerability

DoraCMS is a software application. A content management system written on Nodejs + eggjs + mongodb. A security vulnerability exists in DoraCMS version v2.1.8, which originates from reusing the same code to validate a valid username and password. An attacker could exploit the vulnerability to gain...

9.8CVSS9.3AI score0.00815EPSS
Exploits1References2
Redos
Redos
added 2023/09/18 12:0 a.m.32 views

ROS-20230913-02

Nextcloud server vulnerability is related to improper access control. Exploitation of the vulnerability could allow an attacker acting remotely to access files within a subfolder of an accessible group folder, even if extended permissions block access to the subfolder. of a group folder, even if...

8.1CVSS7.1AI score0.00822EPSS
Exploits0
NVD
NVD
added 2023/09/11 8:15 a.m.24 views

CVE-2023-4816

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...

8.8CVSS7.9AI score0.00522EPSS
Exploits0References1
OSV
OSV
added 2023/09/11 8:15 a.m.7 views

CVE-2023-4816

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...

8.8CVSS5.9AI score0.00522EPSS
Exploits0References1
Prion
Prion
added 2023/09/11 8:15 a.m.21 views

Input validation

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...

6.5CVSS8.8AI score0.00522EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/09/11 7:40 a.m.28 views

CVE-2023-4816

A vulnerability exists in the Equipment Tag Out authentication, when configured with Single Sign-On SSO with password validation in T214. This vulnerability can be exploited by an authenticated user per-forming an Equipment Tag Out holder action Accept, Release, and Clear for another user and...

6.9CVSS8.9AI score0.00522EPSS
Exploits0References1
CVE
CVE
added 2023/09/11 7:40 a.m.48 views

CVE-2023-4816

CVE-2023-4816 affects Hitachi Energy Asset Suite (Asset Suite 9) with SSO/password validation. A authenticated user can perform an Equipment Tag Out holder action (Accept, Release, Clear) for another user and enter an arbitrary password in the confirmation dialog; the system will still execute th...

8.8CVSS8.7AI score0.00522EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/09/08 12:0 a.m.5 views

PT-2023-5834 · Unknown · Asset Suite Eam

Name of the Vulnerable Software and Affected Versions: Asset Suite EAM versions affected versions not specified Description: A vulnerability exists in the Equipment Tag Out authentication when configured with Single Sign-On SSO and password validation. This issue allows an authenticated user to...

8.8CVSS8.7AI score0.00522EPSS
Exploits0References8
CNNVD
CNNVD
added 2023/08/18 12:0 a.m.7 views

social-media-skeleton 安全漏洞

social-media-skeleton is an unfinished social media project implemented in php, css, javascript and html by the individual developer of fobybus. A security vulnerability exists in social-media-skeleton prior to version 1.0.5, which stems from validating password policies only on the client-side...

7.5CVSS7.3AI score0.00535EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/08/10 12:0 a.m.5 views

Nextcloud Access Control Error Vulnerability

Nextcloud is a suite of open source, self-hosted file synchronization and sharing communication application platform from Nextcloud Germany. An access control error vulnerability exists in Nextcloud Server that stems from a lack of password validation...

8.1CVSS7AI score0.00242EPSS
Exploits0References4
OSV
OSV
added 2023/08/04 12:15 a.m.6 views

CVE-2023-36131

PHPJabbers Availability Booking Calendar 5.0 is vulnerable to Incorrect Access Control due to improper input validation of password parameter...

9.8CVSS5.8AI score0.00746EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/08/03 12:0 a.m.5 views

Availability Booking Calendar PHP Security Vulnerability

Availability Booking Calendar PHP is an open source availability booking calendar system by GZ Scripts. A security vulnerability exists in Availability Booking Calendar version 5.0, which stems from incorrect validation of password parameter input and vulnerability to incorrect access control...

9.8CVSS7AI score0.00746EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/08/01 11:15 p.m.9 views

CVE-2023-33561

Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords...

9.8CVSS5.8AI score0.00825EPSS
Exploits0References4
OSV
OSV
added 2023/08/01 11:15 p.m.3 views

CVE-2023-33561

Improper input validation of password parameter in PHP Jabbers Time Slots Booking Calendar v 3.3 results in insecure passwords...

9.8CVSS5.8AI score0.00825EPSS
Exploits0References2
OSV
OSV
added 2023/06/22 5:15 p.m.17 views

UBUNTU-CVE-2023-3326

pamkrb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket tgt from the Kerberos KDC Key Distribution Center over the network, as a way to verify the password. However, if a keytab is not provisioned on the system, pamkrb5 has no way to validate...

9.8CVSS5.8AI score0.01098EPSS
Exploits0References4
NVD
NVD
added 2023/05/30 8:15 a.m.27 views

CVE-2023-1524

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

6.5CVSS6.5AI score0.00737EPSS
Exploits2References1
Prion
Prion
added 2023/05/30 8:15 a.m.22 views

Default credentials

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

4CVSS6.4AI score0.00737EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/05/30 7:49 a.m.9 views

CVE-2023-1524 Download Manager < 3.2.71 - Broken Access Controls

The Download Manager WordPress plugin before 3.2.71 does not adequately validate passwords for password-protected files. Upon validation, a master key is generated and exposed to the user, which may be used to download any password-protected file on the server, allowing a user to download any fil...

7AI score0.00737EPSS
Exploits2References1
CVE
CVE
added 2023/05/30 7:49 a.m.90 views

CVE-2023-1524

The CVE-2023-1524 issue affects the WordPress Download Manager plugin prior to version 3.2.71. According to multiple sources, the vulnerability is an improper access control: during password validation a master key is generated and exposed to the user, which can be used to download any password‑p...

6.5CVSS6.7AI score0.00737EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/30 12:0 a.m.5 views

PT-2023-17052 · WordPress · Download Manager

Name of the Vulnerable Software and Affected Versions: Download Manager WordPress plugin versions prior to 3.2.71 Description: The issue concerns inadequate password validation for password-protected files. When a password is validated, a master key is generated and exposed to the user. This mast...

6.5CVSS9.7AI score0.00737EPSS
Exploits2References3
Rows per page
Query Builder