163 matches found
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
EUVD-2025-200247
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41014
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
CVE-2025-41015 User Enumeration vulnerability in TCMAN GIM
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41015
CVE-2025-41015 affects TCMAN GIM v11 (build 20250304). Affected component: the web service at /WS/PDAWebService.asmx, exposed via the SOAP action GetUserQuestionAndAnswer in the pda:username parameter. Root cause: unauthenticated user enumeration through the parameter, enabling an attacker to det...
CVE-2025-41014 User Enumeration vulnerability in TCMAN GIM
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41013
CVE-2025-41013 affects TCMAN GIM v11 (version 20250304). The flaw is a SQL injection via GET on /PC/frmEPIS.aspx with the idmant parameter, enabling retrieval, creation, update, and deletion of databases. Root cause is unparameterized SQL handling in that endpoint. IMPACT is described as high/cri...
CVE-2025-41013 SQL injection vulnerability in TCMAN GIM
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41012
The CVE-2025-41012 entry describes an unauthorized-access vulnerability in TCMAN GIM v11 (build 20250304) where an unauthenticated attacker can determine if a user exists on the system by sending requests to the PDAWebService ( /WS/PDAWebService.asmx ) using the parameters pda:userId and pda:newP...
CVE-2025-41012 Unauthorized access vulnerability in TCMAN GIM
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
TCMAN GIM SQL注入漏洞
TCMAN GIM is a management system from TCMAN, Spain. A SQL injection vulnerability exists in TCMAN GIM version v11 20250304, which originates from a SQL injection and could lead to database manipulation...
PT-2025-48684
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
PT-2025-48680
Name of the Vulnerable Software and Affected Versions TCMAN GIM version 20250304 Description An unauthenticated attacker can determine if a user exists on the system. This is achieved by utilizing the pda:userId and pda:newPassword parameters with the 'soapaction UnlockUser’ within the...
TCMAN GIM 安全漏洞
TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11 20250304, which originates from unauthorized access and may result in determining the existence of a user...
PT-2025-48683
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
PT-2025-48682
Name of the Vulnerable Software and Affected Versions TCMAN GIM version 20250304 Description A SQL injection issue exists in TCMAN GIM v11 version 20250304. This allows an attacker to retrieve, create, update, and delete databases. The issue is triggered by sending a GET request utilizing the...