4423 matches found
CVE-2012-6614
CVE-2012-6614 affects the D-Link DSR-250N family, specifically firmware versions before 1.08B31. The vulnerability allows remote authenticated users to obtain persistent root access via the BusyBox CLI, demonstrated by overwriting the superuser password. Reported impact includes high confidential...
CVE-2013-4228
CVE-2013-4228 affects the Drupal contributed module Organic Groups (OG) for 7.x-2.x prior to 7.x-2.3. The vulnerability arises from the OG access/visibility fields not properly restricting access to private groups, allowing remote authenticated users to guess node IDs, subscribe to, and read cont...
Directory traversal
Directory traversal vulnerability in Kaseya Virtual System Administrator VSA 7.0.0.0 before 7.0.0.33, 8.0.0.0 before 8.0.0.23, 9.0.0.0 before 9.0.0.19, and 9.1.0.0 before 9.1.0.9 allows remote authenticated users to write to and execute arbitrary files due to insufficient restrictions in file...
CVE-2020-8964
TimeTools SC7105 1.0.007, SC9205 1.0.007, SC9705 1.0.007, SR7110 1.0.007, SR9210 1.0.007, SR9750 1.0.007, SR9850 1.0.007, T100 1.0.003, T300 1.0.003, and T550 1.0.003 devices allow remote attackers to bypass authentication by placing t3axs=TiMEtOOlsj7G3xMm52wB in a t3.cgi request, aka a "hardcode...
CVE-2015-3423
CVE-2015-3423 affects NetCracker Resource Management System (before 8.2). The vulnerability is multiple SQL injection flaws that allow remote authenticated users to execute arbitrary SQL via a set of parameters, including ctrl, h____%2427, h____%2439, param0–param4, filter_INSERT_COUNT, filter_MI...
Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure (PoC)
Exploit Title: Verodin Director Web Console 3.5.4.0 - Remote Authenticated Password Disclosure PoC. Discovery Date: 2019-01-31. Exploit Author: Nolan B. Kennedy (nxkennedy). Vendor Homepage: https://www.verodin.com/...
CVE-2020-7993
Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation on behalf of other user accounts via a modified email ID field...
CVE-2020-7993
CVE-2020-7993: Affected component is Prototype 1.6.0.1. The issue allows remote authenticated users to forge ticket creation on behalf of other user accounts via a modified email ID field. Root cause appears to be insufficient access control around ticket creation. Practical impact is potential ...
Authentication flaw
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL...
CVE-2019-19550
Remote Authentication Bypass in Senior Rubiweb 6.2.34.28 and 6.2.34.37 allows admin access to sensitive information of affected users using vulnerable versions. The attacker only needs to provide the correct URL...
CVE-2019-19550
CVE-2019-19550 concerns a Remote Authentication Bypass in Senior Rubiweb (versions 6.2.34.28 and 6.2.34.37). The underlying issue is an Incorrect Access Control that lets an attacker access admin functionality and view sensitive user information by visiting a specific URI (e.g., /rubiweb/conector...
Design/Logic Flaw
The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias to a restricted node...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Senior Rubiweb
CVE-2019-19550...
Code injection
The parsecmd function in lib/gitlabshell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated users to gain privileges and clone arbitrary repositories...
CVE-2013-4862
Vulnerability CVE-2013-4862 affects MiCasaVerde VeraLite firmware 1.5.408. The issue arises from improper access restrictions that enable remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh and (2) retrieve hashed passwords via the cgi-bin/cmh/back...
CVE-2013-4582
CVE-2013-4582 affects GitLab: the functions create_branch, create_tag, import_project, and fork_project in lib/gitlab_projects.rb allow remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. Affected are GitLab 5.0 up to 5.4...
CVE-2014-8161
PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allows remote authenticated users to obtain sensitive column values by triggering constraint violation and then reading the error message...
CVE-2012-6451
Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability...
Authentication flaw
Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability...
CVE-2012-6451
Lorex LNC116 and LNC104 IP Cameras have a Remote Authentication Bypass Vulnerability...