Lucene search
K

111 matches found

CNNVD
CNNVD
added 2023/05/15 12:0 a.m.5 views

SICK FTMg 安全漏洞

SICK FTMg is a flow sensor from SICK. A security vulnerability exists in the SICK FTMg AIR FLOW SENSOR that arises from the inclusion of sensitive information in the source code, which could allow a remote attacker to analyze the source code to obtain information about a valid user name...

5.3CVSS5.8AI score0.00785EPSS
Exploits0References4
NVD
NVD
added 2023/05/01 3:15 p.m.32 views

CVE-2023-0683

A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call...

8.8CVSS8.4AI score0.00569EPSS
Exploits0References1
OSV
OSV
added 2023/04/26 10:15 p.m.5 views

CVE-2022-45876

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5CVSS5.7AI score0.03332EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/21 12:0 a.m.6 views

CVE-2022-47505 SolarWinds Platform Local Privilege Escalation Vulnerability

The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges...

7.8CVSS7.6AI score0.00242EPSS
Exploits0References2
Prion
Prion
added 2023/04/18 5:15 p.m.16 views

Remote code execution

A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...

6.8CVSS8.8AI score0.00845EPSS
Exploits0References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.27 views

Fortinet Fortigate (FG-IR-22-444)

The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-444 advisory. - An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 throug...

8.8CVSS8AI score0.00405EPSS
Exploits0References2
Fortinet
Fortinet
added 2023/04/11 12:0 a.m.67 views

Protect

An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...

6.5CVSS8.4AI score0.00405EPSS
Exploits0Affected Software3
NVD
NVD
added 2023/03/21 11:15 p.m.33 views

CVE-2022-46300

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5CVSS5.2AI score0.04148EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/03/21 10:24 p.m.35 views

CVE-2022-45468 CVE-2022-45468

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

5.5AI score0.01761EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/03/21 10:24 p.m.8 views

CVE-2022-45468 CVE-2022-45468

Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...

6.7AI score0.01761EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2023/02/15 4:4 a.m.5 views

SUSE CVE-2020-1955

CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called requirevaliduserexceptforup. It was meant as an extension to the long standing setting requirevaliduser, which in turn requires that any and all requests to CouchDB will...

9.8CVSS6.8AI score0.01846EPSS
Exploits0References3
Prion
Prion
added 2023/01/19 12:15 p.m.21 views

Information disclosure

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull...

2.6CVSS5.6AI score0.00625EPSS
Exploits0References1Affected Software7
Cvelist
Cvelist
added 2023/01/19 11:27 a.m.22 views

CVE-2022-3738 WAGO: Missing authentication for config export functionality in multiple products

The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull...

5.9CVSS5.9AI score0.00625EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2022/10/29 12:0 a.m.10 views

PT-2022-27084 · Pwndoc · Pwndoc

Name of the Vulnerable Software and Affected Versions: PwnDoc versions 0.5.3 and earlier Description: The issue allows remote attackers to identify valid user account names by leveraging response timings for authentication attempts. Recommendations: For PwnDoc versions 0.5.3 and earlier, at the...

5.3CVSS7.2AI score0.00746EPSS
Exploits1References6
Huntr
Huntr
added 2022/09/11 12:43 p.m.24 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept Steps to reproduce: 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively ...

0.7AI score
Exploits0References1
Huntr
Huntr
added 2022/08/25 9:58 p.m.21 views

User Enumeration via Response Timing

Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively we can see the...

5CVSS5.2AI score0.00977EPSS
Exploits0References1
NVD
NVD
added 2022/05/09 5:15 p.m.20 views

CVE-2022-28161

An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...

5.5CVSS0.0021EPSS
Exploits0References1
Broadcom
Broadcom
added 2022/05/03 12:0 a.m.42 views

BSA-2022-1840

Security Advisory ID : BSA-2022-1840 Component : debug mode Revision : 1.0 An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in...

5CVSS5.2AI score0.0021EPSS
Exploits0
CNNVD
CNNVD
added 2022/03/15 12:0 a.m.24 views

Tiny File Manager路径遍历漏洞

Tiny File Manager is a web-based open source file manager. A path traversal vulnerability in the tinyfilemanager.php file upload function in Tiny File Manager 2.4.1 allows remote attackers to upload malicious PHP files to the webroot using a valid user account and achieve code execution on the...

8.8CVSS8.5AI score0.7008EPSS
Exploits7References12
CNNVD
CNNVD
added 2021/12/21 12:0 a.m.7 views

Dalmark Systems Systeam 安全漏洞

Dalmark Systems Systeam is an Erp system from Dalmark Systems, a Brazilian company. version 2.22.8 build 1724 of Dalmark Systems Systeam contains a security vulnerability that could be exploited by an attacker to brute-force a valid user...

5.3CVSS5.6AI score0.00789EPSS
Exploits0References2
Rows per page
Query Builder