Lucene search
+L

65 matches found

ptsecurity
ptsecurity
added 2025/01/24 12:0 a.m.6 views

PT-2025-2608 · Ibm · Ibm Cognos Dashboards

Name of the Vulnerable Software and Affected Versions: IBM Cognos Dashboards versions 4.0.7 through 5.0.0 Description: The issue is related to dependency confusion, allowing a remote attacker to perform unauthorized actions. This could potentially lead to privilege escalation. Recommendations: Fo...

10CVSS7.1AI score0.00427EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2024/10/30 12:0 a.m.6 views

PT-2024-34627 · Ethereum · Ethereum

Name of the Vulnerable Software and Affected Versions: PepeGxng smart contract affected versions not specified Ethereum version 1.12.2 Description: An issue in the PepeGxng smart contract, which can be run on the Ethereum blockchain, allows remote attackers to have an unspecified impact via the...

9.8CVSS7.2AI score0.00631EPSS
Exploits0References5
bdu_fstec
bdu_fstec
added 2024/07/03 12:0 a.m.8 views

The vulnerability of the software for automating the management of OpenText Content Manager documents lies in the insecure handling of privileges. This allows an attacker to elevate their privileges or perform arbitrary actions.

The vulnerability of the OpenText Content Manager software for document automation management is related to insecure management of privileges. Exploiting this vulnerability could allow a malicious actor to enhance their privileges or perform arbitrary actions remotely...

8.5CVSS5.5AI score0.00377EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2024/03/15 12:0 a.m.6 views

The vulnerability of the Continuous Integration and Deployment Application Delivery system (CI/CD) of JetBrains TeamCity, related to bypassing the authentication process through an alternative path or channel, allows a hacker to perform arbitrary actions.

The vulnerability of the Continuous Integration and Application Delivery system CI/CD of JetBrains TeamCity relates to bypassing the authentication process by using an alternative path or channel. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...

7.5CVSS7.9AI score0.99991EPSS
Exploits25References6Affected Software1
osv
osv
added 2024/02/07 5:15 p.m.4 views

CVE-2024-20252

Multiple vulnerabilities in Cisco Expressway Series and Cisco TelePresence Video Communication Server VCS could allow an unauthenticated, remote attacker to conduct cross-site request forgery CSRF attacks that perform arbitrary actions on an affected device. Note: "Cisco Expressway Series" refers...

8.8CVSS5.9AI score0.00846EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/01/10 1:1 p.m.3 views

CVE-2023-48252

The vulnerability allows an authenticated remote attacker to perform actions exceeding their authorized access via crafted HTTP requests...

8.8CVSS7AI score0.00635EPSS
Exploits0References1
bdu_fstec
bdu_fstec
added 2023/12/08 12:0 a.m.10 views

The vulnerability of the Hazelcast data analysis platform, related to deficiencies in authentication procedures, allows attackers to perform arbitrary actions.

The vulnerability of the Hazelcast data analysis platform is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...

9CVSS7.7AI score0.0057EPSS
Exploits0References2Affected Software4
bdu_fstec
bdu_fstec
added 2023/09/21 12:0 a.m.6 views

The vulnerability of the MODULYS GP (MOD3GP-SY-120K) module-based power supply management web application allows a attacker to perform arbitrary actions.

The vulnerability of the MODULYS GP MOD3GP-SY-120K web-based management application relates to its dependence on cookie files without any checks for their validity and integrity. Exploiting this vulnerability could allow an attacker to perform arbitrary actions remotely...

10CVSS7.8AI score0.00579EPSS
Exploits0References4Affected Software1
bdu_fstec
bdu_fstec
added 2023/09/21 12:0 a.m.7 views

The vulnerability of the MODULYS GP (MOD3GP-SY-120K) module-based power supply management web application allows a attacker to perform arbitrary actions.

The vulnerability of the MODULYS GP MOD3GP-SY-120K web-based management application relates to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...

8.9CVSS7.6AI score0.00209EPSS
Exploits0References4Affected Software1
ptsecurity
ptsecurity
added 2023/06/15 12:0 a.m.5 views

PT-2023-5212 · Schweitzer Engineering Laboratories · Sel Grid Configurator

Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-5037 SEL Grid Configurator versions prior to 4.5.0.20 Description: A Cross-Site Request Forgery CSRF issue affects the SEL Grid Configurator, allowing an attacker to embed instructions that could be...

7.8CVSS6.7AI score0.00204EPSS
Exploits0References6
metasploit
metasploit
added 2023/06/08 7:50 p.m.315 views

Make Token Command

In its default configuration, this module creates a new network security context with the specified logon data username, domain and password. Under the hood, Meterpreter's access token is cloned, and a new logon session is created and linked to that token. The token is then impersonated to acquir...

6.9AI score
Exploits0
bdu_fstec
bdu_fstec
added 2023/03/23 12:0 a.m.7 views

The vulnerability of the client request handler of the security access control system, IED Siemens RUGGEDCOM CROSSBOW, allows a perpetrator to perform arbitrary actions.

The vulnerability of the client request handler of the Siemens RUGGEDCOM CROSSBOW access control system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions remotely...

9CVSS7.6AI score0.00476EPSS
Exploits0References2Affected Software1
susecve
susecve
added 2023/02/15 6:14 a.m.3 views

SUSE CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

5.1CVSS7.3AI score0.02074EPSS
Exploits0References4
cnnvd
cnnvd
added 2022/11/02 12:0 a.m.7 views

Splunk 安全漏洞

Splunk is a suite of data collection and analysis software from Splunk, Inc. in the United States. The software is primarily used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk...

8.8CVSS7.9AI score0.00595EPSS
Exploits0References4
fedora
fedora
added 2022/10/08 5:33 p.m.36 views

[SECURITY] Fedora 36 Update: gitqlient-1.5.0-2.fc36

GitQlient, pronounced as git+client /g=EF=BF=BD=EF=BF=BDt=EF=BF=BD=EF=BF=BDk la=EF=BF=BD=EF=BF=BD=EF=BF=BD=EF=BF=BDnt/ is a multi-platform Git client originally forked from QGit. Nowadays it goes beyond of just a fork and adds a lot of new functionality. Some of the major feature you can find are...

7.5CVSS7.7AI score0.02828EPSS
Exploits2
bdu_fstec
bdu_fstec
added 2022/07/13 12:0 a.m.9 views

The vulnerability of the embedded web-server microprogramming software in industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, SCALANCE XR324-12M, and SIPLUS NET SCALANCE X308-2 allows a perpetrator to perform arbitrary actions.

The vulnerability of the embedded web-server microprogramming software in industrial switches SCALANCE X302-7, SCALANCE X304-2FE, SCALANCE X306-1LD FE, SCALANCE X307-2, SCALANCE X307-3, SCALANCE X307-3LD, SCALANCE X308-2, SCALANCE X310, SCALANCE X320-1, SCALANCE X408-2, SCALANCE XR324-4M, and...

10CVSS7.7AI score0.00512EPSS
Exploits0References2Affected Software13
vulnrichment
vulnrichment
added 2022/05/16 5:15 p.m.11 views

CVE-2021-27444 Weintek EasyWeb cMT Improper Access Control

The Weintek cMT product line is vulnerable to various improper access controls, which may allow an unauthenticated attacker to remotely access and download sensitive information and perform administrative actions on behalf of a legitimate administrator...

9.8CVSS6.6AI score0.01105EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2021/10/21 12:0 a.m.6 views

The vulnerability of the Voice Telephony Service Provider (VTSP) for Cisco IOS XE and Cisco IOS operating systems allows attackers to perform arbitrary actions on the vulnerable device.

The vulnerability of the Voice Telephony Service Provider VTSP for Cisco IOS XE and Cisco IOS operating systems is related to errors during the validation of strings in the Foreign Exchange Office FXO interfaces. Exploiting this vulnerability allows a malicious actor to perform arbitrary actions ...

5.3CVSS6AI score0.00974EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2021/10/19 12:11 p.m.19 views

CVE-2021-38480 InHand Networks IR615 Router

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to cross-site request forgery when unauthorized commands are submitted from a user the web application trusts. This may allow an attacker to remotely perform actions on the router’s management portal, such as makin...

9.6CVSS9.4AI score0.00527EPSS
Exploits0References1
cnnvd
cnnvd
added 2021/10/07 12:0 a.m.7 views

IR615 Router 跨站请求伪造漏洞

The IR615 Router is a 4G industrial router from Rimu Technologies, China. IR615 Router is vulnerable to cross-site request forgery, which can be exploited by attackers to remotely execute operations on the router's management portal...

9.6CVSS7.8AI score0.00527EPSS
Exploits0References5
Rows per page
Query Builder