993 matches found
The firmware vulnerability in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series systems arises from errors in system configuration or settings, allowing unauthorized access by attackers to protected information.
The firmware vulnerability in embedded network control controllers of ASPECT Enterprise, NEXUS Series, and MATRIX Series is related to errors in system settings or configuration. Exploiting this vulnerability can allow an attacker to gain unauthorized access to protected...
Dell 3000cn Improper Authentication (CVE-2006-2113)
The embedded HTTP server in Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, does not properly perform authentication for HTTP requests, which...
Imperva Defends Against LLM Hacking
In the evolving landscape of cybersecurity, the advent of large language models (LLMs) has introduced a new frontier of challenges and opportunities. Research has shown advanced LLMs, such as GPT-4, now possess the ability to autonomously execute sophisticated cyberattacks, including blind database...
CVE-2024-51722 Vulnerabilities in SecuSUITE Server Components Impact SecuSUITE
A local privilege escalation vulnerability in the SecuSUITE Server System Configuration of SecuSUITE versions 5.0.420 and earlier could allow a successful attacker that had gained control of code running under one of the system accounts listed in the configuration file to potentially issue...
CVE-2024-51399
Altai Technologies Ltd Altai IX500 Indoor 22 802.11ac Wave 2 AP. After login, there are file reads in the background, and attackers can obtain sensitive information such as user credentials, system configuration, and database connection strings, which can lead to data breaches and identity theft...
Altai IX500 security vulnerability
Altai IX500 is an indoor wireless access point from Altai. A security vulnerability exists in Altai IX500. An attacker could exploit the vulnerability to obtain sensitive information such as user credentials, system configuration, database connection strings, etc., which could lead to data leakag...
CVE-2024-51399
The CVE-2024-51399 entry concerns Altai IX500 Indoor 22 802.11ac Wave 2 AP. Reported behavior: after login, background file reads can disclose sensitive data (user credentials, system configuration, database connection strings). Documented impact: potential data breach/identity theft. Connected s...
CVE-2024-5823
A file overwrite vulnerability exists in gaizhenbiao/chuanhuchatgpt versions <= 20240410. This vulnerability allows an attacker to gain unauthorized access to overwrite critical configuration files within the system. Exploiting this vulnerability can lead to unauthorized changes in system behavior...
CVE-2024-9471 PAN-OS: Privilege Escalation (PE) Vulnerability in XML API
A privilege escalation (PE) vulnerability in the XML API of Palo Alto Networks PAN-OS software enables an authenticated PAN-OS administrator with restricted privileges to use a compromised XML API key to perform actions as a higher privileged PAN-OS administrator. For example, an administrator with...
CVE-2024-47555
Missing Authentication - User & System Configuration...
CVE-2024-47555 Missing Authentication - User & System Configuration
Missing Authentication - User & System Configuration...
CVE-2024-47555
CVE-2024-47555 affects Xerox FreeFlow Core with a missing authentication vulnerability. According to the CVSS 3.1 vector, the issue is exploitable from an adjacent network, has high impact on confidentiality, integrity, and availability, and requires no user interaction. The root cause is a broke...
CVE-2024-24116
An issue in Ruijie RG-NBS2009G-P RGOS v.10.41P2 Release9736 allows a remote attacker to gain privileges via the system/configmenu.htm...
CVE-2024-45408 eLabFTW contains a direct and indirect information disclosure
eLabFTW is an open source electronic lab notebook for research labs. An incorrect permission check has been found that could allow an authenticated user to access several kinds of otherwise restricted information. If anonymous access is allowed (something disabled by default), this extends to anyon...
ASB-A-343714914
In validateSsid of WifiConfigurationUtil.java, there is a possible way to overflow a system configuration file due to a logic error in the code. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2024-8456
Certain switch models from PLANET Technology lack proper access control in firmware upload and download functionality, allowing unauthenticated remote attackers to download and upload firmware and system configurations, ultimately gaining full control of the devices...
PLANET switch devices access control error vulnerability
PLANET switch devices are a series of switch devices from PLANET Corporation in China. An access control error vulnerability exists in PLANET switch devices, which stems from a lack of proper access control for the firmware upload and download functions, allowing an unauthenticated, remote attack...
CVE-2024-39341
Entrust Instant Financial Issuance On Premise Software (formerly known as Cardwizard) 6.10.0, 6.9.0, 6.9.1, 6.9.2, and 6.8.x and earlier leaves behind a configuration file (i.e. WebAPI.cfg.xml) after the installation process. This file can be accessed without authentication on HTTP port 80 by guessin...