Lucene search
K

36 matches found

Prion
Prion
added 2023/01/18 1:15 a.m.14 views

Design/Logic Flaw

Sewio’s Real-Time Location System RTLS Studio version 2.0.0 up to and including version 2.6.2 does not properly validate the input module name to the backup services of the software. This could allow a remote attacker to access sensitive functions of the application and execute arbitrary system...

5.8CVSS7.8AI score0.01236EPSS
Exploits0References1Affected Software1
Code423n4
Code423n4
added 2022/07/08 12:0 a.m.11 views

Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store.

Lines of code Vulnerability details Impact Arbitrary msg.sender can execute recordPaymentFrom, recordRedemptionFor, recordDistributionFor, recordUsedAllowanceOf, recordAddedBalanceFor. Malicious terminal may be passed to inject logic to data store. If data store is using custom logic that doesn't...

6.9AI score
Exploits0
OSV
OSV
added 2022/04/21 6:15 p.m.6 views

CVE-2020-14117

A improper permission configuration vulnerability in Xiaomi Content Center APP. This vulnerability is caused by the lack of correct permission verification in the Xiaomi content center APP, and attackers can use this vulnerability to invoke the sensitive component functions of the Xiaomi content...

5.3CVSS6.1AI score0.0064EPSS
Exploits0References1
ThreatPost
ThreatPost
added 2022/02/23 9:29 p.m.213 views

Samsung Screwed Up Encryption on 100M Phones

Samsung shipped an estimated 100 million smartphones with botched encryption, including models ranging from the 2017 Galaxy S8 on up to last year’s Galaxy S21. Researchers at Tel Aviv University found what they called “severe” cryptographic design flaws that could have let attackers siphon the...

6CVSS8.4AI score0.00757EPSS
Exploits0References13
CNVD
CNVD
added 2021/09/18 12:0 a.m.21 views

Xiaomi community licensing issue vulnerability

Xiaomi Community, an official user community application of Xiaomi, China, is vulnerable to an authorization issue in versions prior to 3.0.210809, which stems from the exposure of some js interfaces. An attacker could use this vulnerability to maliciously invoke sensitive functions...

5.3CVSS5.1AI score0.00685EPSS
Exploits0References1
OSV
OSV
added 2021/09/16 12:15 p.m.3 views

CVE-2020-14130

Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...

5.3CVSS5.8AI score0.00685EPSS
Exploits0References1
NVD
NVD
added 2021/09/16 12:15 p.m.20 views

CVE-2020-14130

Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...

5.3CVSS0.00685EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/09/16 11:41 a.m.23 views

CVE-2020-14130

Some js interfaces in the Xiaomi community were exposed, causing sensitive functions to be maliciously called on Xiaomi community app Affected Version 3.0.210809...

5.3AI score0.00685EPSS
Exploits0References1
NVD
NVD
added 2021/02/11 6:15 p.m.21 views

CVE-2020-13185

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials...

6.5CVSS0.0097EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/11 3:10 p.m.25 views

CVE-2020-13185

Certain web application pages in the authenticated section of the Teradici Cloud Access Connector prior to v18 were accessible without the need to specify authentication tokens, which allowed an attacker in the ability to execute sensitive functions without credentials...

6.7AI score0.0097EPSS
Exploits0References1
Hacker One
Hacker One
added 2016/02/11 8:5 a.m.15 views

Legal Robot: Rate limiting on Email confirmation link

Security researcher discovered a potential issue where no rate limiting was applied to sensitive functions, like email reconfirmation links...

2.3AI score
Exploits0
Hacker One
Hacker One
added 2016/02/11 8:4 a.m.16 views

Legal Robot: Rate limiting on password reset links

Security researcher discovered a potential issue where no rate limiting was applied to sensitive functions, like password reset links...

2.5AI score
Exploits0
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.41 views

ZPanel <= 10.0.1 CSRF, XSS, SQLi, Password Reset

No description provided by source. Exploit Title: ZPanel = 10.0.1 CSRF, XSS, SQLi, Password Reset Date: 04/11/2012 Exploit Author: pcsjj Vendor Homepage: http://www.zpanelcp.com/ Version: 10.0.1 Software Link: http://sourceforge.net/projects/zpanelcp/files/latest/download Downloads: 90,382 CVE :...

7.5CVSS9.2AI score0.04764EPSS
Exploits8
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.18 views

Symantec Messaging Gateway 9.5.3-3 CSRF Vulnerability

No description provided by source. ======= Summary ======= Name: Symantec Messaging Gateway - Easy CSRF to add a backdoor-administrator for example Release Date: 30 November 2012 Reference: NGS00263 Discoverer: Ben Williams [email protected] Vendor: Symantec Vendor Reference: Systems...

7.1AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2011/04/25 12:0 a.m.34 views

Plone Security Bypass

The version of Plone on the remote host fails to require authentication to access several sensitive functions. Plone is built on top of Zope, which maps Python objects and their methods to URLs. Methods can have security restrictions, such as requiring a login account or a specific privilege leve...

7.5CVSS5.9AI score0.03171EPSS
Exploits0References3
myhack58
myhack58
added 2009/06/10 12:0 a.m.23 views

typecho blog system store cross-site vulnerability&easy to get webshell-vulnerability warning-the black bar safety net

author:hiphop qq group:5 2 9 3 8 7 2 2 转 帖 请 附上 来源 :http://hi.baidu.com/securehiphop/blog/item/f5b3627a1768bcfc0ad187f5.html Today Wake up in the morning eat Breakfast go to download a set of blogs to look at In the admin backend post post place found to the title place the title didn't do better...

6.6AI score
Exploits0
Rows per page
Query Builder