104 matches found
CVE-2023-47030
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a GET request to a UserService SOAP API endpoint to validate if a user exists...
CVE-2023-47029
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component...
CVE-2023-47029
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via a crafted POST request to the UserService component...
CVE-2023-47031
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component...
CVE-2023-47031
An issue in NCR Terminal Handler v.1.5.1 allows a remote attacker to escalate privileges via a crafted POST request to the grantRolesToUsers, grantRolesToGroups, and grantRolesToOrganization SOAP API component...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2023-47032
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function...
CVE-2023-47032
Password Vulnerability in NCR Terminal Handler v.1.5.1 allows a remote attacker to execute arbitrary code via a crafted script to the UserService SOAP API function...
CVE-2023-47298
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses...
CVE-2023-47298
An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses...
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...
CVE-2023-47294
An issue in NCR Terminal Handler v1.5.1 allows low-level privileged authenticated attackers to arbitrarily deactivate, lock, and delete user accounts via a crafted session cookie...
CVE-2023-47295
A CSV injection vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands via injecting a crafted payload into any text field that accepts strings...
CVE-2023-47294
CVE-2023-47294 affects NCR Terminal Handler v1.5.1. A crafted session cookie can allow a low-privileged authenticated attacker to arbitrarily deactivate, lock, or delete user accounts. Root cause cited across sources relates to insufficient session cookie validation. Impact is user-account manipu...
NCR Atleos Terminal Handler 安全漏洞
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version 1.5.1, which stems from insufficient validation of text...
CVE-2023-47297
A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...