4419 matches found
PT-2024-13496 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.3.0; Liferay DXP 7.2 before fix pack 5. Description: The issue allows remote authenticated users to remain authenticated after an account has been locked because existing user sessions are not invalidated...
CVE-2024-25145
Stored cross-site scripting (XSS) vulnerability in the Portal Search module's Search Result app in Liferay Portal 7.2.0 through 7.4.3.11, and older unsupported versions, and Liferay DXP 7.4 before update 8, 7.3 before update 4, 7.2 before fix pack 17, and older unsupported versions allows remote...
The vulnerability of the microprogrammed software of the MELSEC WS0-GETH00200 programmable logic controllers, related to bypassing the authentication process, allows an intruder to circumvent the authentication mechanism.
The vulnerability of the microprogrammed software of the MELSEC WS0-GETH00200 programmable logic controllers is related to the bypassing of the authentication process. Exploiting this vulnerability allows an attacker to bypass the authentication process remotely...
Electrolink FM/DAB/TV Transmitter - Remote Authentication Removal
!/usr/bin/env python Electrolink FM/DAB/TV Transmitter Remote Authentication Removal Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB...
Open redirect
URL redirection to untrusted site ('Open Redirect') vulnerability in file access component in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 allows remote authenticated users to conduct phishing attacks via unspecified vectors...
VulnCheck KEV: CVE-2021-34993
This vulnerability allows remote attackers to bypass authentication on affected installations of Commvault CommCell 11.22.22. Authentication is not required to exploit this vulnerability. The specific flaw exists within the CVSearchService service. The issue results from the lack of proper...
Dell iDRAC9 Cross-site Scripting (CVE-2021-21542)
Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generati...
The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro allows an intruder to bypass the authentication process and gain unauthorized access to the software.
The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication...
CVE-2023-48250
The vulnerability allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts...
PT-2024-13651 · Unknown · Portiportal
Name of the Vulnerable Software and Affected Versions: PortiPortal versions 7.2.1 and below; PortiPortal versions 7.0.6 and below; PortiPortal versions 6.0.14 and below; PortiPortal versions 5.3.8 and below. Description: The issue allows a remote authenticated user with at least read-only permissions...
PT-2024-13560 · Rexroth +1 · Nexo Cordless Nutrunner Nxa011S-36V +8
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows a remote attacker to authenticate to the SSH service with root privileges through a hidden hard-coded account. There is no information...
PT-2024-1495 · Bosch · Nexo-Os
Name of the Vulnerable Software and Affected Versions: NEXO-OS, affected versions not specified. Description: The issue allows a remote attacker to authenticate to the web application with high privileges through multiple hidden hard-coded accounts. This can enable the attacker to gain unauthorized...
The vulnerability of the PAN-OS operating system’s web interface allows attackers to obtain credentials in plain text for stored external system integrations such as LDAP, SCP, RADIUS, TACACS+, and SNMP.
The vulnerability of the PAN-OS operating system’s web interface is related to insufficient protection of registration data. Exploiting this vulnerability allows a malicious actor to obtain login credentials in plain text for stored external system integrations such as LDAP, SCP, RADIUS, TACACS+,...
CVE-2023-49949
Passwork before 6.2.0 contains a vulnerability in the authorization procedure that allows a remote authenticated user to bypass two-factor authentication (2FA) by brute-forcing a one-time six-digit code. Affected software is Passwork prior to 6.2.0. The issue arises from weaknesses in the 2FA work...
Path traversal
An issue was discovered in NOKIA NFM-T R19.9. An Absolute Path Traversal vulnerability exists under /cgi-bin/R19.9/viewlog.pl of the VM Manager WebUI via the logfile parameter, allowing a remote authenticated attacker to read arbitrary files...
VulnCheck KEV: CVE-2021-29203
A security vulnerability has been identified in the HPE Edgeline Infrastructure Manager, also known as HPE Edgeline Infrastructure Management Software, prior to version 1.22. The vulnerability could be remotely exploited to bypass remote authentication leading to execution of arbitrary...
CVE-2023-50272
A potential security vulnerability has been identified in HPE Integrated Lights-Out 5 (iLO 5) and Integrated Lights-Out 6 (iLO 6). The vulnerability could be remotely exploited to allow authentication bypass...
The vulnerability of the HTTP/2 network protocol implementation in BIG-IP’s access control and remote authentication mechanisms allows an attacker to cause service interruptions.
The vulnerability of the HTTP/2 network protocol implementation for BIG-IP access control and remote authentication mechanisms is related to an uncontrolled resource consumption during request processing. Exploiting this vulnerability could allow a malicious actor to cause service failures...
CVE-2023-33413
The configuration functionality in the Intelligent Platform Management Interface (IPMI) baseboard management controller (BMC) implementation on Supermicro X11 and M11 based devices, with firmware versions through 3.17.02, allows remote authenticated users to execute arbitrary commands...
The vulnerability of the BIG-IP Access Policy Manager’s access control and remote authentication mechanisms, as well as the software products such as BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link Controller, BIG-IP Local Traffic Manager, BIG-IP Policy Enforcement Manager, BIG-IP Orchestrator, allows a perpetrator to trigger a service failure.
The vulnerabilities of the BIG-IP Access Policy Manager, as well as the BIG-IP Advanced Firewall Manager, BIG-IP Analytics, BIG-IP Application Acceleration Manager, BIG-IP Application Security Manager, BIG-IP Hybrid Defender, BIG-IP Domain Name System, BIG-IP Fraud Protection Service, BIG-IP Link...