Lucene search
K

55 matches found

OSV
OSV
added 2024/05/03 2:15 a.m.3 views

CVE-2023-34274

D-Link DIR-2150 LoginPassword Incorrect Implementation of Authentication Algorithm Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2150 routers. Authentication is not required to exploit thi...

8.8CVSS5.8AI score0.01108EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2024/01/24 9:59 a.m.2 views

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...

4.3CVSS5.8AI score0.00709EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/12/15 5:15 p.m.1 views

CVE-2023-50089

A Command Injection vulnerability exists in NETGEAR WNR2000v4 version 1.0.0.70. When using HTTP for SOAP authentication, command execution occurs during the process after successful authentication...

9.8CVSS7.5AI score0.04007EPSS
Exploits1References3
RedHat Linux
RedHat Linux
added 2023/10/19 1:19 p.m.6 views

php: Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

A vulnerability was found in PHP where the weak randomness affects applications that use SOAP with HTTP Digest authentication against a possibly malicious server over HTTP allows a remote authenticated attackers to cause a stack information leak...

4.3CVSS5.8AI score0.00709EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/08/01 2:15 a.m.6 views

CVE-2023-34960

A command injection vulnerability in the wsConvertPpt component of Chamilo v1.11. up to v1.11.18 allows attackers to execute arbitrary commands via a SOAP API call with a crafted PowerPoint name...

9.8CVSS6.1AI score0.99192EPSS
Exploits9References6
Microsoft CVE
Microsoft CVE
added 2023/07/22 7:0 a.m.5 views

Missing error check and insufficient random bytes in HTTP Digest authentication for SOAP

...

4.3CVSS5.4AI score0.00709EPSS
Exploits0
OSV
OSV
added 2023/07/03 2:38 p.m.5 views

USN-6199-1 php7.4, php8.1 vulnerability

It was discovered that PHP incorrectly handled certain Digest authentication for SOAP. An attacker could possibly use this issue to expose sensitive information...

4.3CVSS6.7AI score0.00709EPSS
Exploits0References2
NVD
NVD
added 2021/11/08 4:15 a.m.37 views

CVE-2021-31600

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

4.3CVSS0.00951EPSS
Exploits3References2
NVD
NVD
added 2021/11/08 4:15 a.m.43 views

CVE-2021-31601

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

7.1CVSS0.01307EPSS
Exploits3References2
Prion
Prion
added 2021/11/08 4:15 a.m.20 views

Design/Logic Flaw

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

4CVSS6.3AI score0.01307EPSS
Exploits3References2Affected Software2
Cvelist
Cvelist
added 2021/11/08 3:27 a.m.48 views

CVE-2021-31601

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

7.1CVSS6.9AI score0.01307EPSS
Exploits3References2
Cvelist
Cvelist
added 2021/11/08 3:26 a.m.36 views

CVE-2021-31600

An issue was discovered in Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence Server through 7.x. They implement a series of web services using the SOAP protocol to allow scripting interaction with the backend server. An authenticated user regardless of privileges can list all...

4.3CVSS4.8AI score0.00951EPSS
Exploits3References2
CVE
CVE
added 2021/11/08 3:26 a.m.53 views

CVE-2021-31600

Hitachi Vantara Pentaho (through 9.1 and Pentaho BI Server 7.x) exposes an access-control flaw in SOAP web services that allows any authenticated user to enumerate usernames. The vulnerable components are the web services exposed by /pentaho/webservices/userRoleListService and /pentaho/ServiceAct...

4.3CVSS4.7AI score0.00951EPSS
Exploits3References2Affected Software2
0day.today
0day.today
added 2021/11/07 12:0 a.m.390 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control Vulnerability

Pentaho implements a series of web services using the SOAP protocol to allow scripting interaction with the backend server. While most of the interfaces correctly implement ACL, the Data Source Management Service located at /pentaho/webservices/datasourceMgmtService allows low-privilege...

7.1CVSS7.1AI score0.01307EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.484 views

Pentaho Business Analytics / Pentaho Business Server 9.1 User Enumeration

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Jackrabbit User Enumeration Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th February 2021 Solution Date: Wont...

5.8AI score0.00951EPSS
Exploits3
Packet Storm
Packet Storm
added 2021/11/05 12:0 a.m.602 views

Pentaho Business Analytics / Pentaho Business Server 9.1 Insufficient Access Control

Product: Pentaho Business Analytics / Pentaho Business Server Vendor / Manufacturer: Hitachi Vantara Affected Versions: = 9.1 Vulnerability Type: Insufficient Access Control of Data Source Management Service Solution Status: Fix Released on public GitHub repository Manufacturer Notification: 8th...

7AI score0.01307EPSS
Exploits3
OSV
OSV
added 2020/01/06 8:15 a.m.4 views

CVE-2019-15982

Multiple vulnerabilities in the REST and SOAP API endpoints and the Application Framework feature of Cisco Data Center Network Manager DCNM could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. To exploit these vulnerabilities, an attacker wou...

7.2CVSS7.2AI score0.14322EPSS
Exploits0References1
NVD
NVD
added 2019/02/07 9:29 p.m.20 views

CVE-2019-1660

A vulnerability in the Simple Object Access Protocol SOAP of Cisco TelePresence Management Suite TMS software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the...

5.3CVSS5.6AI score0.02208EPSS
Exploits0References2
Prion
Prion
added 2019/02/07 9:29 p.m.16 views

Authentication flaw

A vulnerability in the Simple Object Access Protocol SOAP of Cisco TelePresence Management Suite TMS software could allow an unauthenticated, remote attacker to gain unauthorized access to an affected device. The vulnerability is due to a lack of proper access and authentication controls on the...

5CVSS5.6AI score0.02208EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2019/01/28 12:0 a.m.6 views

The vulnerability of the Core component of the Oracle VM VirtualBox software allows a hacker to trigger a service failure.

The vulnerability of the Core component of the Oracle VM VirtualBox software is related to deficiencies in access control. Exploiting this vulnerability can allow an attacker to trigger a service failure using the SOAP protocol...

7.8CVSS7.3AI score0.04255EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder