103 matches found

Cvelist
added 2024/02/08 12:0 a.m. · 22 views

CVE-2023-47020

Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...

AI score: 8.9 · EPSS: 0.00346
Exploits: 1 · References: 2

Vulnrichment
added 2024/02/08 12:0 a.m. · 5 views

CVE-2023-47020

Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...

AI score: 8.8 · EPSS: 0.00346
Exploits: 1 · References: 2

CNNVD
added 2024/02/08 12:0 a.m. · 4 views

NCR Atleos Terminal Handler Cross-Site Request Forgery Vulnerability

NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, increases business agility, and improves your competitive advantage. A cross-site request forgery vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1, which stems from a lack of...

CVSS: 8.8 · AI score: 7 · EPSS: 0.00346
Exploits: 1 · References: 3

CVE
added 2024/02/08 12:0 a.m. · 80 views

CVE-2023-47020

CVE-2023-47020 affects NCR Terminal Handler v1.5.1. A CSRF chaining flaw allows an attacker to escalate privileges by crafting a request that creates a user and adds them to the administrator group, exploiting an undisclosed WSDL function that lacks security controls and can accept custom content...

CVSS: 8.8 · AI score: 8.6 · EPSS: 0.00346
Exploits: 1 · References: 2 · Affected Software: 1

Positive Technologies
added 2024/02/08 12:0 a.m. · 8 views

PT-2024-13398 · Ncr · Ncr Terminal Handler

Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1
Description: The issue involves Multiple Cross-Site Request Forgery (CSRF) chaining, allowing an attacker to escalate privileges through a crafted request. This request involves user account creation and addin...

CVSS: 8.8 · AI score: 7.8 · EPSS: 0.00346
Exploits: 1 · References: 6

NVD
added 2024/02/06 1:15 a.m. · 12 views

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.0034
Exploits: 0 · References: 1

OSV
added 2024/02/06 1:15 a.m. · 6 views

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

CVSS: 6.5 · AI score: 5.8 · EPSS: 0.0034
Exploits: 0 · References: 1

Prion
added 2024/02/06 1:15 a.m. · 18 views

Input validation

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

CVSS: 4 · AI score: 7.2 · EPSS: 0.0034
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2024/02/06 12:0 a.m. · 46 views

CVE-2023-47022

CVE-2023-47022 affects NCR Terminal Handler v1.5.1: Insecure Direct Object Reference allows an unprivileged user to edit the audit logs and can lead to CSV injection. A PT-2024-13399 entry additionally indicates a remote attacker could execute arbitrary code via a crafted payload parameter. The d...

CVSS: 6.5 · AI score: 6.7 · EPSS: 0.0034
Exploits: 0 · References: 1 · Affected Software: 1

Vulnrichment
added 2024/02/06 12:0 a.m. · 19 views

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

AI score: 7.2 · EPSS: 0.0034
Exploits: 0 · References: 1

CNNVD
added 2024/02/06 12:0 a.m. · 5 views

NCR Atleos Terminal Handler Security Vulnerability

NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A security vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1. A remote attacker could exploit the...

CVSS: 6.5 · AI score: 7.8 · EPSS: 0.0034
Exploits: 0 · References: 3

Cvelist
added 2024/02/06 12:0 a.m. · 15 views

CVE-2023-47022

Insecure Direct Object Reference in NCR Terminal Handler v.1.5.1 allows an unprivileged user to edit the audit logs for any user and can lead to CSV injection...

AI score: 7 · EPSS: 0.0034
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-13399 · Ncr · Ncr Terminal Handler

Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1
Description: The issue allows an unprivileged user to edit the audit logs for any user, potentially leading to CSV injection. It also enables a remote attacker to execute arbitrary code via a crafted script ...

CVSS: 6.5 · AI score: 7 · EPSS: 0.0034
Exploits: 0 · References: 9

OSV
added 2024/01/20 2:15 a.m. · 6 views

CVE-2023-47024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

CVSS: 8.8 · AI score: 5.8 · EPSS: 0.0025
Exploits: 0 · References: 2

NVD
added 2024/01/20 2:15 a.m. · 20 views

CVE-2023-47024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

CVSS: 8.8 · AI score: 8.8 · EPSS: 0.0025
Exploits: 0 · References: 2

Prion
added 2024/01/20 2:15 a.m. · 26 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

CVSS: 6.8 · AI score: 7.4 · EPSS: 0.0025
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2024/01/20 12:0 a.m. · 19 views

CVE-2023-47024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

AI score: 7.4 · EPSS: 0.0025
Exploits: 0 · References: 2

CNNVD
added 2024/01/20 12:0 a.m. · 3 views

NCR Atleos Terminal Handler Cross-Site Request Forgery Vulnerability

NCR Atleos Terminal Handler is an ATM enterprise software solution from NCR Atleos that reduces costs, improves business agility and increases your competitive advantage. A cross-site request forgery vulnerability exists in NCR Atleos Terminal Handler version v.1.5.1, which originates from a...

CVSS: 8.8 · AI score: 6.9 · EPSS: 0.0025
Exploits: 0 · References: 3

CVE
added 2024/01/20 12:0 a.m. · 73 views

CVE-2023-47024

CVE-2023-47024 affects NCR Terminal Handler v1.5.1 and centers on CSRF, enabled by multiple vulnerabilities including an undisclosed function in the WSDL with weak security controls that can accept custom content types. This can allow a remote attacker to trigger a one‑click account takeover via ...

CVSS: 8.8 · AI score: 8.7 · EPSS: 0.0025
Exploits: 0 · References: 2 · Affected Software: 1

Cvelist
added 2024/01/20 12:0 a.m. · 24 views

CVE-2023-47024

Cross-Site Request Forgery (CSRF) in NCR Terminal Handler v.1.5.1 leads to a one-click account takeover. This is achieved by exploiting multiple vulnerabilities, including an undisclosed function in the WSDL that has weak security controls and can accept custom content types...

AI score: 9 · EPSS: 0.0025
Exploits: 0 · References: 2