Lucene search
K

7 matches found

NVD
NVD
added 2025/12/02 2:16 p.m.6 views

CVE-2025-41014

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...

7.5CVSS0.00266EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.7 views

PT-2025-48683

User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...

6.9CVSS6.8AI score0.00266EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/06/09 12:0 a.m.9 views

PT-2025-24428 · Tcman · Tcman'S Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: The issue is related to an incorrect authorization vulnerability. This vulnerability allows an attacker with a low privilege level to change the password of other users through a POST request using the...

7.1CVSS6.4AI score0.00233EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/28 1:46 p.m.17 views

CVE-2025-40666

Time-based blind SQL injection vulnerabilities in TCMAN's GIM v11. These allow an attacker to retrieve, create, update and delete databases through ArbolID parameter in/GIMWeb/PC/frmPreventivosList.aspx...

8.7CVSS8.1AI score0.00315EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/26 12:0 a.m.5 views

PT-2025-22900 · Tcman · Tcman'S Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: A missing authorization vulnerability in TCMAN's GIM allows an authenticated attacker to access any functionality of the application, even when they are not available through the user interface. To exploit...

8.7CVSS6.2AI score0.00228EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2025/05/26 12:0 a.m.7 views

PT-2025-22898 · Tcman · Tcman'S Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: The issue concerns time-based blind SQL injection vulnerabilities. These vulnerabilities allow an attacker to retrieve, create, update, and delete databases through the ArbolID parameter in the...

8.7CVSS7.3AI score0.00315EPSS
Exploits0References8
Cvelist
Cvelist
added 2025/05/06 10:40 a.m.29 views

CVE-2025-40622 Multiple vulnerabilities in TCMAN's GIM

SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘username’...

9.3CVSS0.00361EPSS
Exploits0References1
Rows per page
Query Builder