65 matches found
PT-2025-2608 · Ibm · Ibm Cognos Dashboards
Name of the Vulnerable Software and Affected Versions: IBM Cognos Dashboards versions 4.0.7 through 5.0.0 Description: The issue is related to dependency confusion, allowing a remote attacker to perform unauthorized actions. This could potentially lead to privilege escalation. Recommendations: Fo...
PT-2024-34627 · Ethereum · Ethereum
Name of the Vulnerable Software and Affected Versions: PepeGxng smart contract affected versions not specified Ethereum version 1.12.2 Description: An issue in the PepeGxng smart contract, which can be run on the Ethereum blockchain, allows remote attackers to have an unspecified impact via the...
The vulnerability of the software for automating the management of OpenText Content Manager documents lies in the insecure handling of privileges. This allows an attacker to elevate their privileges or perform arbitrary actions.
The vulnerability of the OpenText Content Manager software for document automation management is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges or perform arbitrary actions remotely...
The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity, related to bypassing the authentication process through an alternative path or channel, allows a hacker to perform arbitrary actions.
The vulnerability of the Continuous Integration and Application Delivery system CI/CD of JetBrains TeamCity relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...
CVE-2024-20252
Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers...
CVE-2023-48252
The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests...
The vulnerability of the Hazelcast data analysis platform, related to deficiencies in authentication procedures, allows attackers to perform arbitrary actions.
The vulnerability of the Hazelcast data analysis platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...
The vulnerability of the MODULYS GP (MOD3GP-SY-120K) module-based power supply management web application allows a attacker to perform arbitrary actions.
The vulnerability of the MODULYS GP MOD3GP-SY-120K web-based management application relates to its dependence on cookie files without any checks for their validity and integrity. Exploiting this vulnerability could allow an attacker to perform arbitrary actions remotely...
The vulnerability of the MODULYS GP (MOD3GP-SY-120K) module-based power supply management web application allows a attacker to perform arbitrary actions.
The vulnerability of the MODULYS GP MOD3GP-SY-120K web-based management application relates to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...
PT-2023-5212 · Schweitzer Engineering Laboratories · Sel Grid Configurator
Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20 Description: A Cross-Site Request Forgery CSRF issue affects the SEL Grid Configurator, allowing an attacker to embed instructions that could be...
Make Token Command
In its default configuration, this module creates a new network security context with the specified logon data username, domain and password. Under the hood, Meterpreter's access token is cloned, and a new logon session is created and linked to that token. The token is then impersonated to acquir...
The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to perform arbitrary actions.
The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...
SUSE CVE-2006-5116
Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...
Splunk 安全漏洞
Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk...
[SECURITY] Fedora 36 Update: gitqlient-1.5.0-2.fc36
GitQlient, pronounced as git+client /g=EF=BF=BD=EF=BF=BDt=EF=BF=BD=EF=BF=BDk la=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BDnt/ is a multi-platform Git client originally forked from QGit. Nowadays it goes beyond of just a fork and adds a lot of new functionality. Some of the major feature you can find are...
The vulnerability of the embedded web-server microprogramming software in industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, SCALANCE XR324-12M, and SIPLUS NET SCALANCE X308-2 allows a perpetrator to perform arbitrary actions.
The vulnerability of the embedded web-server microprogramming software in industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, and...
CVE-2021-27444 Weintek EasyWeb cMT Improper Access Control
The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator...
The vulnerability of the Voice Telephony Service Provider (VTSP) for Cisco IOS XE and Cisco IOS operating systems allows attackers to perform arbitrary actions on the vulnerable device.
The vulnerability of the Voice Telephony Service Provider VTSP for Cisco IOS XE and Cisco IOS operating systems is related to errors during the validation of strings in the Foreign Exchange Office FXO interfaces. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions ...
CVE-2021-38480 InHand Networks IR615 Router
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...
IR615 Router 跨站请求伪造漏洞
The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router is vulnerable to cross-site request forgery, which can be exploited by attackers to remotely execute operations on the router's management portal...