146 matches found
PT-2022-6773 · Google · Google Chrome
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 108.0.5359.71. Description: The issue is related to an inappropriate implementation in DevTools, which allowed an attacker to bypass file access restrictions. This could be achieved by convincing a user to insta...
CVE-2022-41937
XWiki Platform suffered a Missing Authorization vulnerability where any user with view access could modify pages by importing a crafted XAR package. The issue stems from improper privilege management and was fixed in XWiki 14.6RC1, 14.6, and 13.10.8. A workaround is to restrict the Filter.WebHome...
The vulnerability of the Apache Struts software platform, related to deficiencies in access control, allows attackers to modify any arbitrary files.
The vulnerability of the Apache Struts software platform is related to deficiencies in access control. Exploiting this vulnerability allows a malicious actor to modify arbitrary files remotely...
Zigor Corporación ZGR TPS200 NG Code Issue Vulnerability
The Zigor Corporación ZGR TPS200 NG is a rectifier for battery chargers from the Spanish company Zigor Corporación. Capable of managing sealed lead-acid or lithium batteries for industrial applications, remote control for substations and remote control of cellular phones, as well as applications...
PT-2022-6341 · Unknown · Mklogic-500
Name of the Vulnerable Software and Affected Versions: MKLogic-500, affected versions not specified. Description: The issue is related to a lack of authentication for a critical function in the MKLogic-500 PLC configuration protocol. This could allow a remote attacker to modify the device's logic,...
USN-5424-1 openldap vulnerability
It was discovered that OpenLDAP incorrectly handled certain SQL statements within LDAP queries in the experimental back-sql backend. A remote attacker could possibly use this issue to perform an SQL injection attack and alter the database...
CVE-2022-29950
Experian Hunter 1.16 allows remote authenticated users to modify assumed-immutable elements via the (1) rule name parameter to the Rules page or the (2) subrule name or (3) categories name parameter to the Subrules page. NOTE: the vendor disputes this because version 1.16 has never existed...
The vulnerability of the setup.php configuration file of the universal monitoring system Zabbix, related to authentication errors, allows an intruder to modify the configuration parameters.
The vulnerability of the setup.php configuration file of the Zabbix monitoring system is related to authentication errors. Exploiting this vulnerability allows a malicious actor to modify the configuration parameters remotely...
CVE-2021-25160
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
CVE-2021-25155
A remote arbitrary file modification vulnerability was discovered in some Aruba Instant Access Point IAP products in versions: Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below...
Aruba Instant Access Point Input Validation Error Vulnerability
Aruba Access Points is a wireless network from Aruba USA. It provides Internet access. A security vulnerability exists in Aruba Instant Access Points, which can be exploited by an attacker to remotely modify arbitrary files. The following products and versions are affected: Aruba Instant 6.4.x:...
The vulnerability of the REST API interface of the Cisco Data Center Network Manager system allows an attacker to modify the device’s configuration.
The vulnerability of the REST API interface of the Cisco Data Center Network Manager system relates to the use of an incomplete blacklist. Exploiting this vulnerability could allow a malicious actor to modify the device’s configuration remotely...
GHSA-PJ4G-4488-WMXM Dynamic modification of RPyC service due to missing security check
Impact: Version 4.1.0 of RPyC has a vulnerability that affects custom RPyC services making it susceptible to authenticated remote attacks. Patches: Git commits between September 2018 and October 2019 and version 4.1.0 are vulnerable. Use a version of RPyC that is not affected. Workarounds: The commi...
The vulnerability in the web interface of the Cisco Identity Services Engine allows a perpetrator to modify the configuration of a vulnerable device.
The vulnerability of the Cisco Identity Services Engine’s network policy management web interface is related to access control errors based on role-based authorization (RBAC). Exploiting this vulnerability could allow a malicious actor to remotely alter the configuration of the vulnerable device...
The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server allows a perpetrator to modify any files they choose.
The vulnerability of the “file transfer” component of the TIBCO Managed File Transfer Platform Server is related to errors in the mechanism for processing authentication requests. Exploiting this vulnerability allows a malicious actor to modify arbitrary files remotely...
PT-2020-6067 · Unknown · Property-Expr
Name of the Vulnerable Software and Affected Versions: property-expr versions prior to 2.0.3. Description: The issue is related to Prototype Pollution via the setter function. It may allow a remote attacker to perform a prototype pollution attack by exploiting uncontrolled modification of object...
Apple iOS and Apple iPadOS File System Component Logic Vulnerability
Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for the iPad tablet computer. File System is one of the file system components. A security vulnerability exists in the File System component ...
The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers arises from improperly implemented data filtering during input processing. This allows attackers to alter the contents of project configuration files.
The vulnerability of the Schneider Electric Easergy Builder software for configuring controllers is related to improperly implemented data filtering. Exploiting this vulnerability allows a malicious actor to remotely modify the contents of project configuration files...
Juplink Intelligent Technologies RX4-1500 Unauthorized Operation Vulnerability
The Juplink Intelligent Technologies RX4-1500 is a wireless router from Juplink Intelligent Technologies. A security vulnerability exists in httpd in the Juplink Intelligent Technologies RX4-1500 versions v1.0.3 through v1.0.5. A remote attacker could use this vulnerability to modify or access...