111 matches found
SICK FTMg 安全漏洞
SICK FTMg is a flow sensor from SICK. A security vulnerability exists in the SICK FTMg AIR FLOW SENSOR that arises from the inclusion of sensitive information in the source code, which could allow a remote attacker to analyze the source code to obtain information about a valid user name...
CVE-2023-0683
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call...
CVE-2022-45876
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...
CVE-2022-47505 SolarWinds Platform Local Privilege Escalation Vulnerability
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges...
Remote code execution
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
Fortinet Fortigate (FG-IR-22-444)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-444 advisory. - An improper restriction of excessive authentication attempts vulnerability CWE-307 in Fortinet FortiOS version 7.2.0 throug...
Protect
An improper restriction of excessive authentication attempts vulnerability CWE-307 in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...
CVE-2022-46300
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...
CVE-2022-45468 CVE-2022-45468
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...
CVE-2022-45468 CVE-2022-45468
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...
SUSE CVE-2020-1955
CouchDB version 3.0.0 shipped with a new configuration setting that governs access control to the entire database server called requirevaliduserexceptforup. It was meant as an extension to the long standing setting requirevaliduser, which in turn requires that any and all requests to CouchDB will...
Information disclosure
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull...
CVE-2022-3738 WAGO: Missing authentication for config export functionality in multiple products
The vulnerability allows a remote unauthenticated attacker to download a backup file, if one exists. That backup file might contain sensitive information like credentials and cryptographic material. A valid user has to create a backup after the last reboot for this attack to be successfull...
PT-2022-27084 · Pwndoc · Pwndoc
Name of the Vulnerable Software and Affected Versions: PwnDoc versions 0.5.3 and earlier Description: The issue allows remote attackers to identify valid user account names by leveraging response timings for authentication attempts. Recommendations: For PwnDoc versions 0.5.3 and earlier, at the...
User Enumeration via Response Timing
Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept Steps to reproduce: 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively ...
User Enumeration via Response Timing
Description There is a significant timing difference in the login functionality for valid and invalid usernames. Proof of Concept 1. Attempt a Login with a valid user and an invalid user and observe the difference in the response time Here is a small test script alternatively we can see the...
CVE-2022-28161
An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in filetansfer.log in debug mode. To exploit this vulnerability, the attacker would need t...
BSA-2022-1840
Security Advisory ID : BSA-2022-1840 Component : debug mode Revision : 1.0 An information exposure through log file vulnerability in Brocade SANNav versions before Brocade SANnav 2.2.0 could allow an authenticated, local attacker to view sensitive information such as ssh passwords in...
Tiny File Manager路径遍历漏洞
Tiny File Manager is a web-based open source file manager. A path traversal vulnerability in the tinyfilemanager.php file upload function in Tiny File Manager 2.4.1 allows remote attackers to upload malicious PHP files to the webroot using a valid user account and achieve code execution on the...
Dalmark Systems Systeam 安全漏洞
Dalmark Systems Systeam is an Erp system from Dalmark Systems, a Brazilian company. version 2.22.8 build 1724 of Dalmark Systems Systeam contains a security vulnerability that could be exploited by an attacker to brute-force a valid user...