153 matches found
PT-2024-18651 · Zenml Io · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.55.3 Description: An improper authorization issue exists in the zenml-io/zenml repository, specifically within the API "PUT /api/v1/users/id" endpoint. This issue allows any authenticated user to modify the informatio...
IRZ RUH2 Insufficient Verification of Data Authenticity (CVE-2016-2309)
iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...
CVE-2024-4286
The CVE-2024-4286 entry refers to Mintplex-Labs’ anything-llm application with improper neutralization of elements in an expression language statement. The vulnerability arises from how user modifications by managers/admins are handled, allowing modification of all attributes of the user entity w...
CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...
CVE-2024-4284
A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...
CVE-2024-4284
A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...
CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...
CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm
A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...
PT-2024-30180 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.0.0 Description: A denial of service DoS condition can be triggered through the modification of a user's id attribute to a value of 0. This can render a chosen account completely inaccessible,...
CVE-2023-27133
TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...
D-Link DPH-400SE Security Vulnerability
The D-Link DPH-400SE is an IP phone from China AUO D-Link. A security vulnerability exists in the D-Link DPH-400SE FRU version 2.2.15.8, which originated from a vulnerability that allows remote attackers to escalate privileges via the user modification feature in the Maintenance/Access feature...
CVE-2023-4659
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an...
CVE-2023-4659 Cross-Site Request Forgery in Free5Gc
Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an...
CVE-2022-47558
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...
CVE-2022-47558 Improper Access Control in Ormazabal products
Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...
DLINK DPH-400SE FRU2.2.15.8 Information Disclosure
Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information Date : 25-08-2023 Exploit Author : tahaafarooq Vendor Homepage : https://dlink.com/ Version : FRU2.2.15.8 Tested on: DLINK DPH-400SE VoIP Phone Description: With default credential for the guest user "guest:guest" to login on the...
D-LINK DPH-400SE - Exposure of Sensitive Information Vulnerability
Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information Exploit Author : tahaafarooq Vendor Homepage : https://dlink.com/ Version : FRU2.2.15.8 Tested on: DLINK DPH-400SE VoIP Phone Description: With default credential for the guest user "guest:guest" to login on the web portal, the...
CVE-2023-24029
In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...
PT-2023-19370 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8 Description: The issue allows a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...
CVE-2023-24029
In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...