31 matches found

Positive Technologies
added 2022/05/25 12:0 a.m. · 5 views

PT-2022-3463 · Open Automation · Open Automation Software Oas Platform

Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version V16.00.0112

Description: The issue concerns the OAS Engine SecureAddSecurity functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a...

7.8 CVSS · 7.5 AI score · 0.01208 EPSS
Exploits 1 · References 3
BDU FSTEC
added 2020/10/22 12:0 a.m. · 8 views

The vulnerability of software for deploying virtual computers and VMware Horizon DaaS applications allows attackers to bypass the two-factor authentication process.

The vulnerability of the software for deploying virtual computers and VMware Horizon DaaS applications is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass the two-factor authentication process...

6.8 CVSS · 6.6 AI score · 0.0096 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2020/10/14 12:0 a.m. · 4 views

The vulnerability of the device controller in the Cisco Data Center Network Manager system allows an intruder to perform arbitrary actions on the vulnerable device.

The vulnerability of the Data Center Network Manager (DCNM) device relates to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to perform arbitrary actions on the vulnerable device...

7.5 CVSS · 7.9 AI score · 0.01152 EPSS
Exploits 0 · References 2
WPVulnDB
added 2020/10/01 12:0 a.m. · 17 views

Multiple Themes - Unauthenticated Function Injection

Jerome Bruandet, from nintechnet, discovered numerous themes affected by Unauthenticated Function Injection issues, due to the lack of capability and CSRF nonce checks in AJAX actions. The naturemag-lite theme partially fixed the issues in v1.0.5, however it has been removed from the WordPress...

1.6 AI score
Exploits 0 · References 2 · Affected Software 15
Patchstack
added 2020/10/01 12:0 a.m. · 10 views

WordPress NatureMag Lite theme <=1.0.4 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress NatureMag Lite theme versions <=1.0.4. Solution: Theme removed from the WordPress theme repository...

3.1 AI score
Exploits 0 · References 1 · Affected Software 1
Patchstack
added 2020/10/01 12:0 a.m. · 16 views

WordPress Pixova Lite theme <=2.0.6 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Pixova Lite theme versions <=2.0.6. Solution: Update the WordPress Pixova Lite theme to the latest available version (at least 2.0.7)...

3.5 AI score
Exploits 0 · References 2 · Affected Software 1
Patchstack
added 2020/10/01 12:0 a.m. · 9 views

WordPress Brilliance theme <=1.2.9 - Unauthenticated Function Injection vulnerability

Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Brilliance theme versions <=1.2.9. Solution: Update the WordPress Brilliance theme to the latest available version (at least 1.3.0)...

4.1 AI score
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2019/12/09 12:0 a.m. · 3 views

The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Cisco Identity Services Engine (ISE) network policy management web interface is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by...

5 CVSS · 5.5 AI score · 0.01221 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2019/11/11 12:0 a.m. · 4 views

The vulnerability of the EAP Controller remote management utility lies in the lack of authentication for a critical function, allowing a malicious actor to control the target server and execute arbitrary Java or bytecode.

The vulnerability of the EAP Controller remote management utility lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to remotely control the target server and execute arbitrary Java or bytecode...

10 CVSS · 8.3 AI score · 0.1286 EPSS
Exploits 0 · References 4 · Affected Software 1
BDU FSTEC
added 2019/08/20 12:0 a.m. · 3 views

The vulnerability of the remote access system for the Virtual Network Computing software infrastructure of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a hacker to increase their privileges.

The vulnerability of the remote access system of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker operating remotely to increase their privileges...

10 CVSS · 5.6 AI score · 0.02285 EPSS
Exploits 0 · References 2 · Affected Software 1
BDU FSTEC
added 2019/07/04 12:0 a.m. · 5 views

The vulnerability of the configuration import utility for the Cisco Integrated Management Controller allows a perpetrator to gain write access and load any data into the file system.

The vulnerability of the configuration import utility for the Cisco Integrated Management Controller remote management software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to gain write access and load any data into the file...

5.3 CVSS · 5.6 AI score · 0.01516 EPSS
Exploits 0 · References 3