146 matches found
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 This script provides an automated Proof of C...
The vulnerability of the Solr software for the Apache OFBiz enterprise resource planning solution, which allows attackers to modify protected information
The vulnerability of the Solr software for the Apache OFBiz enterprise resource planning solution lies in the lack of authentication for a critical function. Exploiting this vulnerability allows an attacker to remotely modify protected information...
VulnCheck KEV: CVE-2016-5700
Virtual servers in F5 BIG-IP systems 11.5.0, 11.5.1 before HF11, 11.5.2, 11.5.3, 11.5.4 before HF2, 11.6.0 before HF8, 11.6.1 before HF1, 12.0.0 before HF4, and 12.1.0 before HF2, when configured with the HTTP Explicit Proxy functionality or SOCKS profile, allow remote attackers to modify the...
Exploit for PHP External Variable Modification in Juniper Junos
CVE-2023-36845 PoC Automation Script This script provides an...
The vulnerability of the Mail.MailConfig component in the XWiki Platform, a platform for creating collaborative web applications, allows a hacker to modify email sending configurations.
The vulnerability of the Mail.MailConfig component in the XWiki platform, a tool for creating collaborative web applications, stems from insecure management of privileges. Exploiting this vulnerability allows an attacker to remotely modify email sending configurations...
The vulnerability of the GLPI system’s request, incident, and computer equipment inventory management processes, due to lack of access control, allows an intruder to modify or view the data on the control panel.
The vulnerability of the GLPI system for requests, incidents, and inventory management is related to lack of access control. Exploiting this vulnerability allows a malicious actor to modify or view data on the control panel remotely...
The vulnerability of xml2js, software for converting XML to JavaScript objects, lies in the uncontrolled modification of object prototype attributes. This allows attackers to edit or add new properties to objects.
The vulnerability of the xml2js software for converting XML to JavaScript objects is related to uncontrolled changes to the attributes of the prototype object. Exploiting this vulnerability allows a malicious actor to remotely modify the properties of the proto object...
CVE-2023-34257
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted...
Authentication flaw
DISPUTED An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is...
CVE-2023-34257
An issue was discovered in BMC Patrol through 23.1.00. The agent's configuration can be remotely modified and, by default, authentication is not required. Some configuration fields related to SNMP (e.g., masterAgentName or masterAgentStartLine) result in code execution when the agent is restarted...
The vulnerability of the firmware in Nexx Garage Door Controllers (NXG-100B, NXG-200), Nexx Smart Plugs (NXPG-100W), and Nexx Smart Alarms (NXAL-100) lies in an authentication bypass through the use of a user-controlled key. This allows intruders to alter the settings of the devices and gain access to information about them.
The vulnerability of the firmware of the Nexx Garage Door Controller NXG-100B, NXG-200, Nexx Smart Plug NXPG-100W, and Nexx Smart Alarm NXAL-100 lies in the ability to bypass authentication by using a user-controlled key. Exploiting this vulnerability could allow an intruder to...
SUSE CVE-2009-1888
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vectors related to read access to uninitialized memory...
SUSE CVE-2010-0169
The CSSLoaderImpl::DoSheetComplete function in layout/style/nsCSSLoader.cpp in Mozilla Firefox 3.0.x before 3.0.18, 3.5.x before 3.5.8, and 3.6.x before 3.6.2; Thunderbird before 3.0.2; and SeaMonkey before 2.0.3 changes the case of certain strings in a stylesheet before adding this stylesheet to...
SUSE CVE-2010-3933
Ruby on Rails 2.3.9 and 3.0.0 does not properly handle nested attributes, which allows remote attackers to modify arbitrary records by changing the names of parameters for form inputs...
SUSE CVE-2011-2752
CRLF injection vulnerability in SquirrelMail 1.4.21 and earlier allows remote attackers to modify or add preference values via a \n newline character, a different vulnerability than CVE-2010-4555...
SUSE CVE-2011-4136
django.contrib.sessions in Django before 1.2.7 and 1.3.x before 1.3.1, when session data is stored in the cache, uses the root namespace for both session identifiers and application-data keys, which allows remote attackers to modify a session by triggering use of a key that is equal to that...
SUSE CVE-2013-6172
steps/utils/savepref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the session parameter, which can be leveraged to read arbitrary files, conduct SQL injection attacks, and execute arbitrary code...
SUSE CVE-2017-5108
Type confusion in PDFium in Google Chrome prior to 60.0.3112.78 for Mac, Windows, Linux, and Android allowed a remote attacker to potentially maliciously modify objects via a crafted PDF file...
The vulnerability of FortiOS operating systems, related to access control deficiencies, allows attackers to modify interface settings.
The vulnerability of FortiOS operating systems is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify interface settings remotely through APIs...
PT-2022-6830 · Ce805M · Ce805M
Name of the Vulnerable Software and Affected Versions: CE805M (affected versions not specified). Description: The issue is related to an undocumented user account named SUPERVISOR in the CE A protocol implementation of the CE805M data collection and transmission device. Exploitation of this issue ma...