146 matches found
CVE-2023-34257
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted...
CVE-2019-10966
In GE Aestiva and Aespire versions 7100 and 7900, a vulnerability exists where serial devices are connected via an added unsecured terminal server to a TCP/IP network configuration, which could allow an attacker to remotely modify device configuration and silence alarms...
CVE-2013-2581
cgi-bin/firmwareupgrade in TP-Link IP Cameras TL-SC3130, TL-SC3130G, TL-SC3171, TL-SC3171G, and possibly other models before beta firmware LM.1.6.18P12sign6 allows remote attackers to modify the firmware revision via a "preset" action...
CVE-2010-1959
Unspecified vulnerability in HP TestDirector for Quality Center 9.2 before Patch8 allows remote attackers to modify data via unknown vectors...
CVE-2010-2502
Multiple directory traversal vulnerabilities in Splunk 4.0 through 4.0.10 and 4.1 through 4.1.1 allow (1) remote attackers to read arbitrary files, aka SPL-31194; (2) remote authenticated users to modify arbitrary files, aka SPL-31063; or (3) have an unknown impact via redirects, aka SPL-31067...
PT-2025-39654
Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30. Description: Chamilo is a learning management system. Prior to version 1.11.30, the application performs data deserialization that can be spoofed. An attacker can create objects of arbitrary classes and fully...
QNAP Systems QTS and QNAP Systems QuTS hero code injection vulnerability
QNAP Systems QTS and QNAP Systems QuTS hero are both products of China Weilian Technology QNAP Systems. QNAP Systems QTS is an entry operating system. QNAP Systems QuTS hero is an operating system. A code injection vulnerability exists in QNAP Systems QTS prior to version 5.2.3.3006 build 20250108...
The vulnerability in the web-based management interface of the HPE Aruba Networking Fabric Composer software for network deployment and security management allows a malicious actor to alter system settings.
The vulnerability in the web-based management interface for network deployment and security management in HPE Aruba Networking Fabric Composer is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow a malicious actor to remotely modify system settings...
The vulnerability of the ProjectSend file-sharing software is related to deficiencies in the authentication process, which allows attackers to modify the application’s configuration.
The vulnerability of the ProjectSend file-sharing software is related to deficiencies in its authentication procedures. Exploiting this vulnerability allows a malicious actor to remotely modify the application’s configuration by sending specially crafted HTTP requests...
The vulnerability of the web interface of the firmware of DrayTek Vigor routers allows an attacker to modify settings or cause service failures.
The vulnerability of the web interface of the firmware of DrayTek Vigor routers involves writing and reading data beyond the bounds of a buffer in memory. Exploiting this vulnerability can allow a malicious actor to modify settings remotely or cause service failures...
The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication, which allows a malicious user to modify issues in public repositories.
The vulnerability of the corporate version of the GitHub Enterprise Server is related to improper authentication. Exploiting this vulnerability could allow a malicious actor to modify issues in public repositories remotely...
BIT-MATTERMOST-2024-41162
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
PT-2024-6216 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions prior to 2022 SU6; Ivanti EPM versions prior to the 2024 September update. Description: The issue is related to a lack of authentication for a critical function in Ivanti EPM, specifically in Network Isolation. This allows a...
CVE-2024-41162
Mattermost versions 9.9.x <= 9.9.0, 9.5.x <= 9.5.6, 9.7.x <= 9.7.5 and 9.8.x <= 9.8.1 fail to disallow the modification of local channels by a remote, when shared channels are enabled, which allows a malicious remote to make an arbitrary local channel read-only...
CVE-2024-41162
Mattermost server (versions 9.9.x up to 9.9.0, 9.5.x up to 9.5.6, 9.7.x up to 9.7.5, and 9.8.x up to 9.8.1) is affected by an access-control issue where a remote actor, when shared channels are enabled, can cause an arbitrary local channel to become read-only. Multiple sources (Red Hat, OSV, GitH...
PT-2024-5346
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 17.0 through 17.0.3; GitLab CE/EE versions 17.1 through 17.1.1. Description: The issue is related to insufficient access control in the admin compliance framework function of the Group Namespace URL Handler component in...
The vulnerability of the CMS system Netcat, related to the manipulation of inter-site requests, allows a hacker to alter access rights in the file manager.
The vulnerability of the CMS system Netcat is related to the manipulation of inter-site requests. Exploiting this vulnerability allows a malicious actor to remotely modify access rights in the file manager...
The vulnerability of the NetApp SnapCenter backup and recovery software platform, related to authentication deficiencies, allows an attacker to alter the configuration of system logging settings.
The vulnerability of the NetApp SnapCenter backup and recovery software platform relates to authentication deficiencies. Exploiting this vulnerability allows a malicious actor to remotely alter the configuration of system logging settings...
The vulnerability of the SAP AS NetWeaver JAVA software for creating and deploying web applications lies in the lack of authentication for a critical function, allowing attackers to modify the state of existing services.
The vulnerability of the SAP AS NetWeaver JAVA software for creating and deploying web applications is related to the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify the state of existing services...
The vulnerability of the Git-based software platform for collaborative code development on GitLab stems from deficiencies in access control. This allows a malicious individual to alter the headers of deployment keys.
The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to deficiencies in SSH key management during automated deployment scenarios. Exploiting this vulnerability could allow a malicious actor to modify the headers of deployment private keys...