176 matches found
CVE-2024-39033
In Newgensoft OmniDocs 11.0SP103006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen...
CVE-2024-39033
In Newgensoft OmniDocs 11.0 SP1 03 006, CVE-2024-39033 describes an Insecure Direct Object Reference (IDOR) in the getuserproperty function, allowing theft of a user’s configuration and PII. Affected component: getuserproperty in OmniDocs. Root cause: IDOR could enable unauthorized access to conf...
PT-2025-5835 · Newgensoft · Newgensoft Omnidocs
Name of the Vulnerable Software and Affected Versions: Newgensoft OmniDocs version 11.0 SP1 03 006. Description: The issue concerns an Insecure Direct Object Reference (IDOR) in the getuserproperty function, which allows the theft of a user's configuration and personally identifiable information (PII)...
Rockwell Automation Power Monitor 1000 Device Takeover Vulnerability
Rockwell Automation Power Monitor 1000 is a power monitor from Rockwell Automation. A security vulnerability exists in Rockwell Automation Power Monitor 1000 versions prior to 4.020, which can be exploited by an attacker to configure a new policyholder user without any authentication through the...
CVE-2024-47863
An issue was discovered in Centreon Web 24.10.x before 24.10.0, 24.04.x before 24.04.8, 23.10.x before 23.10.18, 23.04.x before 23.04.23, and 22.10.x before 22.10.26. A stored XSS was found in the user configuration contact name field. This form is only accessible to authenticated users with...
CVE-2024-47863
CVE-2024-47863 affects Centreon Web with a stored XSS in the user configuration contact name field. This form is accessible only to authenticated users with high-privilege access. Affected versions include Centreon Web 22.10.x up to 22.10.26 (22.10.26 fixed), 23.04.x up to 23.04.23, 23.10.x up to...
PT-2024-32855 · Centreon · Centreon Web
Name of the Vulnerable Software and Affected Versions: Centreon Web versions 22.10.x through 22.10.25; Centreon Web versions 23.04.x through 23.04.22; Centreon Web versions 23.10.x through 23.10.17; Centreon Web versions 24.04.x through 24.04.7; Centreon Web versions 24.10.x through 24.09. Description...
CVE-2024-46894
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 3. The affected application does not properly validate authorization of a user to query the "/api/sftp/users" endpoint. This could allow an authenticated remote attacker to gain knowledge about the list of configured...
Mitel MiCollab SQL Injection Vulnerability (CNVD-2024-42930)
Mitel MiCollab is an enterprise-grade audio, web and video conferencing solution that provides efficient collaboration and communication capabilities. An SQL injection vulnerability exists in Mitel MiCollab, which can be exploited by an attacker to access non-sensitive user configuration...
Mitel MiCollab Security Vulnerability
Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees from Mitel Canada. A security vulnerability exists in Mitel MiCollab version 9.8 SP1 FP2 9.8.1.201 and prior versions, which stems from insufficient filtering of...
Mitel MiCollab SQL Injection Vulnerability
Mitel MiCollab is an enterprise-grade audio, web and video conferencing solution that provides efficient collaboration and communication capabilities. An SQL injection vulnerability exists in Mitel MiCollab, which can be exploited by an attacker to access non-sensitive user configuration...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is an open source application from GitHub in the United States. It provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server that stem...
CVE-2024-47555
Missing Authentication - User & System Configuration...
CVE-2024-47555 Missing Authentication - User & System Configuration
Missing Authentication - User & System Configuration...
CVE-2024-47555
CVE-2024-47555 affects Xerox FreeFlow Core with a missing authentication vulnerability. According to the CVSS 3.1 vector, the issue is exploitable from an adjacent network, has high impact on confidentiality, integrity, and availability, and requires no user interaction. The root cause is a broke...