Lucene search
K

153 matches found

Positive Technologies
Positive Technologies
added 2024/06/06 12:0 a.m.10 views

PT-2024-18651 · Zenml Io · Zenml

Name of the Vulnerable Software and Affected Versions: zenml-io/zenml version 0.55.3 Description: An improper authorization issue exists in the zenml-io/zenml repository, specifically within the API "PUT /api/v1/users/id" endpoint. This issue allows any authenticated user to modify the informatio...

6.5CVSS6.5AI score0.00623EPSS
Exploits1References10
Tenable Nessus
Tenable Nessus
added 2024/05/27 12:0 a.m.21 views

IRZ RUH2 Insufficient Verification of Data Authenticity (CVE-2016-2309)

iRZ RUH2 before 2b does not validate firmware patches, which allows remote authenticated users to modify data or cause a denial of service via unspecified vectors. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL...

8CVSS7.1AI score0.0068EPSS
Exploits0References2
CVE
CVE
added 2024/05/26 10:25 p.m.59 views

CVE-2024-4286

The CVE-2024-4286 entry refers to Mintplex-Labs’ anything-llm application with improper neutralization of elements in an expression language statement. The vulnerability arises from how user modifications by managers/admins are handled, allowing modification of all attributes of the user entity w...

4.9CVSS5AI score0.00356EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/26 10:25 p.m.12 views

CVE-2024-4286 Improper Neutralization of Special Elements in mintplex-labs/anything-llm

Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id 57984fa85c31988b2eff429adfc654c46e0c342a. The vulnerability arises from the application's handling of user modifications by...

4.9CVSS6.7AI score0.00356EPSS
Exploits0References2
NVD
NVD
added 2024/05/19 11:15 p.m.12 views

CVE-2024-4284

A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...

4.9CVSS5.2AI score0.0056EPSS
Exploits1References2
OSV
OSV
added 2024/05/19 11:15 p.m.15 views

CVE-2024-4284

A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...

4.9CVSS6.9AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/19 10:23 p.m.15 views

CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...

4.9CVSS6.9AI score0.0056EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/05/19 10:23 p.m.24 views

CVE-2024-4284 Denial of Service in mintplex-labs/anything-llm

A vulnerability in mintplex-labs/anything-llm allows for a denial of service DoS condition through the modification of a user's id attribute to a value of 0. This issue affects the current version of the software, with the latest commit id 57984fa85c31988b2eff429adfc654c46e0c342a. By exploiting...

4.9CVSS5.2AI score0.0056EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/19 12:0 a.m.4 views

PT-2024-30180 · Mintplex · Anything-Llm

Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 1.0.0 Description: A denial of service DoS condition can be triggered through the modification of a user's id attribute to a value of 0. This can render a chosen account completely inaccessible,...

4.9CVSS5AI score0.0056EPSS
Exploits1References7
ATTACKERKB
ATTACKERKB
added 2023/10/17 4:15 p.m.2 views

CVE-2023-27133

TSplus Remote Work 16.0.0.0 has weak permissions for .exe, .js, and .html files under the %PROGRAMFILESX86%\TSplus-RemoteWork\Clients\www folder. This may enable privilege escalation if a different local user modifies a file. NOTE: CVE-2023-31067 and CVE-2023-31068 are only about the TSplus Remot...

9.8CVSS7.2AI score0.02884EPSS
Exploits8References2
CNNVD
CNNVD
added 2023/10/11 12:0 a.m.5 views

D-Link DPH-400SE Security Vulnerability

The D-Link DPH-400SE is an IP phone from China AUO D-Link. A security vulnerability exists in the D-Link DPH-400SE FRU version 2.2.15.8, which originated from a vulnerability that allows remote attackers to escalate privileges via the user modification feature in the Maintenance/Access feature...

8.8CVSS7.2AI score0.01051EPSS
Exploits1References3
NVD
NVD
added 2023/10/02 3:15 p.m.30 views

CVE-2023-4659

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an...

9.8CVSS9.5AI score0.0033EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/10/02 2:5 p.m.31 views

CVE-2023-4659 Cross-Site Request Forgery in Free5Gc

Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE requests without any token value. Therefore, an...

9.8CVSS9.6AI score0.0033EPSS
Exploits0References1
OSV
OSV
added 2023/09/19 1:16 p.m.4 views

CVE-2022-47558

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...

9.8CVSS5.8AI score0.00519EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/19 12:58 p.m.17 views

CVE-2022-47558 Improper Access Control in Ormazabal products

Devices ekorCCP and ekorRCI are vulnerable due to access to the FTP service using default credentials. Exploitation of this vulnerability can allow an attacker to modify critical files that could allow the creation of new users, delete or modify existing users, modify configuration files, install...

9.4CVSS9.6AI score0.00519EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2023/09/05 12:0 a.m.273 views

DLINK DPH-400SE FRU2.2.15.8 Information Disclosure

Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information Date : 25-08-2023 Exploit Author : tahaafarooq Vendor Homepage : https://dlink.com/ Version : FRU2.2.15.8 Tested on: DLINK DPH-400SE VoIP Phone Description: With default credential for the guest user "guest:guest" to login on the...

7.1AI score
Exploits0
0day.today
0day.today
added 2023/09/04 12:0 a.m.254 views

D-LINK DPH-400SE - Exposure of Sensitive Information Vulnerability

Exploit Title : DLINK DPH-400SE - Exposure of Sensitive Information Exploit Author : tahaafarooq Vendor Homepage : https://dlink.com/ Version : FRU2.2.15.8 Tested on: DLINK DPH-400SE VoIP Phone Description: With default credential for the guest user "guest:guest" to login on the web portal, the...

7.1AI score
Exploits0
OSV
OSV
added 2023/02/03 9:15 p.m.6 views

CVE-2023-24029

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.2CVSS7.1AI score0.00887EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/02/03 12:0 a.m.5 views

PT-2023-19370 · Ipswitch · Ws Ftp Server

Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.8 Description: The issue allows a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.2CVSS7AI score0.00887EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/03 12:0 a.m.2 views

CVE-2023-24029

In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...

7.1AI score0.00887EPSS
Exploits0References2
Rows per page
Query Builder