Lucene search
+L

47 matches found

NVD
NVD
added 2019/05/23 6:29 p.m.20 views

CVE-2019-12288

An issue was discovered in upgradehtmls.cgi on VStarcam 100T C7824WIP KR75.8.53.20 and 200V C38S KR203.18.1.20 devices. The web service, network, and account files can be manipulated through a web UI firmware update without any authentication. The attacker can achieve access to the device through...

9.8CVSS9.4AI score0.01637EPSS
Exploits0References1
NVD
NVD
added 2019/05/20 6:29 p.m.22 views

CVE-2019-4058

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570...

6.5CVSS6.2AI score0.00925EPSS
Exploits0References2
Prion
Prion
added 2019/05/20 6:29 p.m.18 views

Design/Logic Flaw

IBM BigFix Platform 9.2 and 9.5 could allow a low-privilege user to manipulate the UI into exposing interface elements and information normally restricted to administrators. IBM X-Force ID: 156570...

4CVSS6AI score0.00925EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/05/09 2:27 p.m.47 views

CVE-2019-6546

CVE-2019-6546 affects GE Communicator prior to 4.0.517. The issue allows placing malicious files in the program’s working directory, potentially enabling manipulation of widgets/UI elements. Affected component/behavior is described in multiple sources (NVD and ICS advisories). Remediation per PT ...

7.8CVSS7.5AI score0.00835EPSS
Exploits0References1Affected Software1
ICS
ICS
added 2019/05/02 12:0 a.m.76 views

GE Communicator

1. EXECUTIVE SUMMARY CVSS v3 8.1 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: General Electric Equipment: Communicator Vulnerabilities: Uncontrolled Search Path, Use of Hard-coded Credentials, Improper Access Controls 2. RISK EVALUATION Successful exploitation of these...

9.8CVSS7.9AI score0.01277EPSS
Exploits0References6
The Hacker Blog
The Hacker Blog
added 2018/06/08 2:24 a.m.18 views

Steam, Fire, and Paste – A Story of UXSS via DOM-XSS & Clickjacking in Steam Inventory Helper

Summary The “Steam Inventory Helper” Chrome extension version 1.13.6 suffered from both a DOM-based Cross-site Scripting XSS and a clickjacking vulnerability. By combining these vulnerabilities it is possible to gain JavaScript code execution in the highly-privileged context of the extension’s...

6.1AI score
Exploits0
CNVD
CNVD
added 2016/03/19 12:0 a.m.5 views

Drupal Prepopulate Module Security Bypass Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. prepopulate is one of the prepopulated field modules. Drupal Prepopulate has a security vulnerability due to a failure to restrict users from overriding any portion of $REQUEST and...

7.5CVSS6.9AI score0.01862EPSS
Exploits0References1
Rows per page
Query Builder