103 matches found
CVE-2023-47020
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
NCR Atleos Terminal Handler Cross-Site Request Forgery Vulnerability
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, increases business agility, and improves your competitive advantage. A cross-site request forgery vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1, which stems from a lack of...
CVE-2023-47020
CVE-2023-47020 affects NCR Terminal Handler v1.5.1. A CSRF chaining flaw allows an attacker to escalate privileges by crafting a request that creates a user and adds them to the administrator group, exploiting an undisclosed WSDL function that lacks security controls and can accept custom content...
PT-2024-13398 · NCR · NCR Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: The issue involves Multiple Cross-Site Request Forgery (CSRF) chaining, allowing an attacker to escalate privileges through a crafted request. This request involves user account creation and addin...
CVE-2023-47022
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...
Input validation
Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...
CVE-2023-47022
CVE-2023-47022 affects NCR Terminal Handler v1.5.1: Insecure Direct Object Reference allows an unprivileged user to edit the audit logs and can lead to CSV injection. A PT-2024-13399 entry additionally indicates a remote attacker could execute arbitrary code via a crafted payload parameter. The d...
NCR Atleos Terminal Handler Security Vulnerability
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1. A remote attacker could exploit the...
PT-2024-13399 · NCR · NCR Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: The issue allows an unprivileged user to edit the audit logs for any user, potentially leading to CSV injection. It also enables a remote attacker to execute arbitrary code via a crafted script ...
CVE-2023-47024
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...
NCR Atleos Terminal Handler Cross-Site Request Forgery Vulnerability
NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A cross-site request forgery vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1, which originates from a...
CVE-2023-47024
CVE-2023-47024 affects NCR Terminal Handler v1.5.1 and centers on CSRF, enabled by multiple vulnerabilities including an undisclosed function in the WSDL with weak security controls that can accept custom content types. This can allow a remote attacker to trigger a one‑click account takeover via ...