PT-2024-7151 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 21.2R3-S8-EVO; Juniper Networks Junos OS Evolved versions from 21.4-EVO prior to 21.4R3-S8-EVO; Juniper Networks Junos OS Evolved versions from 22.2-EVO prior to 22.2R3-S4-EVO; Juniper Networks...
WordPress plugin Zephyr Project Manager Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Exploit for Use of Password Hash With Insufficient Computational Effort in Redhat Enterprise_Linux
CVE-2024-3183-POC POC for CVE-2024-3183 FreeIPA Rosting Imp...
CVE-2024-42062 Apache CloudStack: User Key Exposure to Domain Admins
CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that...
PT-2024-5550 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.6; Fortinet FortiPortal version 7.2.0. Description: The issue is related to an authorization bypass in the administration interface of Fortinet FortiPortal, which can be exploited by using a...
Fortinet FortiPortal Security Vulnerability
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi, and FortiAP product lines, available as a virtual machine for MSPs. A security vulnerability exists in Fortinet FortiPortal that stems from the presence of a...
GO-2024-2434 CubeFS leaks users key in logs in github.com/cubefs/cubefs
CubeFS leaks users key in logs in github.com/cubefs/cubefs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please suggest an edit t...
The vulnerability of the FortiVoice enterprise telephony software relates to the bypassing of authentication procedures by using a user-controlled key, allowing an intruder to access the configuration SIP files.
The vulnerability of the FortiVoice corporate telephony software relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to disclose configuration SIP files by sending specially crafted HTTP or HTTP requests...
PT-2024-30162 · WordPress · The Tutor Lms
Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.7.0. Description: The issue allows authenticated attackers with Instructor-level permissions and above to delete any course due to missi...
DirectCyber Evolution Controller Security Vulnerability
DirectCyber Evolution Controller is an access control controller software from DirectCyber, Inc. that is used to control physical access to facilities. A security vulnerability exists in DirectCyber Evolution Controller version 2.04.560.31.03.2024 and prior versions, which stems from an...
WordPress Plugin ProfileGrid Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL, and the WordPress...
The vulnerability of the SSL-VPN component for FortiOS operating systems and proxy servers, which allows attackers to gain unauthorized access to another user’s web pages.
The vulnerability of the SSL-VPN component for FortiOS operating systems and FortiProxy proxy servers relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to gain unauthorized access to another user’s web page by manipulating the URL...
PT-2024-19327 · WordPress · Kali Forms
Name of the Vulnerable Software and Affected Versions: Contact Form builder with drag & drop for WordPress – Kali Forms versions 2.3.36 and earlier. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This vulnerability affects the Contact Form...
PT-2024-15664 · Idmsistemas · Qsige
Name of the Vulnerable Software and Affected Versions: QSige affected versions not specified. Description: The issue is related to the omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. This allows an attacker to extract sensitive information fr...
The vulnerability of the intermediate installation process for microprogramming software on the SIMATIC CN 4100 allows an intruder to gain access to the system and obtain full control over the application.
The vulnerability of the intermediate installation process for microprogrammed communication gateway software SIMATIC CN 4100 relates to bypassing authentication by using a user-controlled key. Exploiting this vulnerability allows an attacker to remotely gain access to the system and gain full...
PT-2024-5348 · Qualcomm · Qualcomm Microprogram +1
Name of the Vulnerable Software and Affected Versions: Qualcomm embedded platform software affected versions not specified. Description: The issue is related to memory corruption that occurs while processing a key blob passed by the user. This can potentially allow an attacker to execute arbitrary...
PT-2023-23995 · Unknown · Woocommerce Bookings
Name of the Vulnerable Software and Affected Versions: WooCommerce Bookings versions 1.15.78 and earlier. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for potential unauthorized access. Recommendations: For versions 1.15.78 and...
PT-2023-9735 · Fortinet · Fortiportal
Name of the Vulnerable Software and Affected Versions: Fortinet FortiPortal versions 7.0.0 through 7.0.3. Description: The issue is related to an authorization bypass through a user-controlled key, allowing an authenticated attacker to interact with resources of other organizations via HTTP or HTT...
Vulnerabilities fixed in FortiNet FortiOS and FortiProxy
FortiNet has fixed vulnerabilities in FortiOS and FortiProxy. A malicious party could exploit the vulnerabilities to execute arbitrary code on the vulnerable system, or under specific circumstances to take over a user's session. The vulnerability with attribute CVE-2023-33308...
PT-2023-22718
Name of the Vulnerable Software and Affected Versions: TMT Lockcell versions prior to 15. Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability, which allows for Authentication Abuse and Authentication Bypass. Recommendations: For versions prior to 15,...