164 matches found
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
EUVD-2025-200247
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41014
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
CVE-2025-41015
CVE-2025-41015 affects TCMAN GIM v11 (build 20250304). Affected component: the web service at /WS/PDAWebService.asmx, exposed via the SOAP action GetUserQuestionAndAnswer in the pda:username parameter. Root cause: unauthenticated user enumeration through the parameter, enabling an attacker to det...
CVE-2025-41015 User Enumeration vulnerability in TCMAN GIM
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41014 User Enumeration vulnerability in TCMAN GIM
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41013 SQL injection vulnerability in TCMAN GIM
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41013
CVE-2025-41013 affects TCMAN GIM v11 (version 20250304). The flaw is a SQL injection via GET on /PC/frmEPIS.aspx with the idmant parameter, enabling retrieval, creation, update, and deletion of databases. Root cause is unparameterized SQL handling in that endpoint. IMPACT is described as high/cri...
CVE-2025-41012
The CVE-2025-41012 entry describes an unauthorized-access vulnerability in TCMAN GIM v11 (build 20250304) where an unauthenticated attacker can determine if a user exists on the system by sending requests to the PDAWebService ( /WS/PDAWebService.asmx ) using the parameters pda:userId and pda:newP...
CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
PT-2025-48683
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
PT-2025-48684
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
TCMAN GIM SQL注入漏洞
TCMAN GIM is a management system from TCMAN, Spain. A SQL injection vulnerability exists in TCMAN GIM version v11 20250304, which originates from a SQL injection and could lead to database manipulation...
TCMAN GIM 信息泄露漏洞
TCMAN GIM is a management system from the Spanish company TCMAN. An information disclosure vulnerability exists in TCMAN GIM version v11 20250304, which originates from an unauthenticated attacker being able to determine if a user exists via the pda:username parameter...
TCMAN GIM 安全漏洞
TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11 20250304, which originates from unauthorized access and may result in determining the existence of a user...
TCMAN GIM 信息泄露漏洞
TCMAN GIM is a management system from the Spanish company TCMAN. An information disclosure vulnerability exists in TCMAN GIM version v11 20250304, which originates from an unauthenticated attacker being able to determine if a user exists via the pda:username parameter...