31 matches found
PT-2022-3463 · Open Automation · Open Automation Software Oas Platform
Name of the Vulnerable Software and Affected Versions: Open Automation Software OAS Platform version V16.00.0112. Description: The issue concerns the OAS Engine SecureAddSecurity functionality, where a lack of authentication check for a critical function can be exploited. An attacker can send a...
The vulnerability of software for deploying virtual computers and VMware Horizon DaaS applications allows attackers to bypass the two-factor authentication process.
The vulnerability of the software for deploying virtual computers and VMware Horizon DaaS applications is related to the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to bypass the two-factor authentication process...
The vulnerability of the device controller in the Cisco Data Center Network Manager system allows an intruder to perform arbitrary actions on the vulnerable device.
The vulnerability of the Data Center Network Manager (DCNM) device relates to the absence of authentication for a critical function. Exploiting this vulnerability allows an attacker, operating remotely, to perform arbitrary actions on the vulnerable device...
Multiple Themes - Unauthenticated Function Injection
Jerome Bruandet, from nintechnet, discovered numerous themes affected by Unauthenticated Function Injection issues, due to the lack of capability and CSRF nonce checks in AJAX actions. The naturemag-lite theme partially fixed the issues in v1.0.5, however it has been removed from the WordPress...
WordPress NatureMag Lite theme <=1.0.4 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress NatureMag Lite theme versions <=1.0.4. Solution: Theme removed from the WordPress theme repository...
WordPress Pixova Lite theme <=2.0.6 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Pixova Lite theme versions <=2.0.6. Solution: Update the WordPress Pixova Lite theme to the latest available version (at least 2.0.7)...
WordPress Brilliance theme <=1.2.9 - Unauthenticated Function Injection vulnerability
Unauthenticated Function Injection vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Brilliance theme versions <=1.2.9. Solution: Update the WordPress Brilliance theme to the latest available version (at least 1.3.0)...
The vulnerability in the web interface of the Cisco Identity Services Engine (ISE) management platform allows a perpetrator to gain unauthorized access to protected information.
The vulnerability of the Cisco Identity Services Engine (ISE) network policy management web interface is related to the lack of authentication for a critical function. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information by...
The vulnerability of the EAP Controller remote management utility lies in the lack of authentication for a critical function, allowing a malicious actor to control the target server and execute arbitrary Java or bytecode.
The vulnerability of the EAP Controller remote management utility lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to remotely control the target server and execute arbitrary Java or bytecode...
The vulnerability of the remote access system for the Virtual Network Computing software infrastructure of Cisco Enterprise NFV Infrastructure Software (NFVIS) allows a hacker to increase their privileges.
The vulnerability of the remote access system of Cisco Enterprise NFV Infrastructure Software (NFVIS) is related to the lack of authentication for a critical function. Exploiting this vulnerability can allow an attacker operating remotely to increase their privileges...
The vulnerability of the configuration import utility for the Cisco Integrated Management Controller allows a perpetrator to gain write access and load any data into the file system.
The vulnerability of the configuration import utility for the Cisco Integrated Management Controller remote management software lies in the lack of authentication for a critical function. Exploiting this vulnerability allows a malicious actor to gain write access and load any data into the file...