874 matches found
Authentication flaw
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
CVE-2023-5329
CVE-2023-5329 affects Field Logic DataCube4 Web API (endpoint /api/). The vulnerability arises from improper authentication in the Web API, enabling potential unauthorized access. Affected version: DataCube4 up to 20231001. The exploit has been disclosed publicly. CVSS 3.1 base score 7.5 (HIGH)...
CVE-2023-5329 Field Logic DataCube4 Web API improper authentication
A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclosed to the public and may be used...
The vulnerability of the HTTP application programming interface of the database management tool pgAdmin 4 allows a hacker to execute arbitrary commands on the server.
The vulnerability of the HTTP application programming interface of the database management tool pgAdmin 4 relates to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the server remotely...
Security update for chromium (important)
openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2023:0234-1 Rating: important References: 1214003 1214301 Cross-References: CVE-2023-2312 CVE-2023-4349 CVE-2023-4350 CVE-2023-4351 CVE-2023-4352 CVE-2023-4353 CVE-2023-4354 CVE-2023-4355 CVE-2023-4356 CVE-2023-43...
CVE-2023-33237
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs ar...
Authentication flaw
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs ar...
CVE-2023-33237 Authentication Bypass Without Administrator Privilege
TN-5900 Series firmware version v3.3 and prior is vulnerable to improper-authentication vulnerability. This vulnerability arises from inadequate authentication measures implemented in the web API handler, allowing low-privileged APIs to execute restricted actions that only high-privileged APIs ar...
MOXA TN-5900 Authorization Issue Vulnerability
MOXA TN-5900 is a series of industrial firewall routers from China MOXA. An authentication error vulnerability exists in the MOXA TN-5900 prior to version v3.3, which stems from insufficient authentication measures implemented in the Web API handler, and can be exploited by an attacker to cause a...
PT-2023-4389 · Moxa · Moxa Tn-5900 Series
Name of the Vulnerable Software and Affected Versions: Moxa TN-5900 Series firmware version v3.3 and prior Description: The issue is related to improper authentication in the web API handler of the Moxa TN-5900 Series firmware, allowing low-privileged APIs to execute restricted actions. This...
Dataprobe Authorization Issues Vulnerability
Dataprobe is a family of intelligent power switch and management products from Dataprobe, Inc. in the United States. A security vulnerability exists in Dataprobe iBoot PDU version 1.43.03312023 and prior versions, which stems from vulnerability to authentication bypass attacks in the REST API, an...
PT-2023-23923 · Dataprobe · Dataprobe Iboot Pdu
Name of the Vulnerable Software and Affected Versions: Dataprobe iBoot PDU version 1.43.03312023 or earlier Description: The issue concerns authentication bypass in the REST API due to the mishandling of special characters when parsing credentials. Successful exploitation allows a malicious agent...
CVE-2023-37862
In PHOENIX CONTACTs WP 6xxx series web panels in versions prior to 4.0.10 an unauthenticated remote attacker can access upload-functions of the HTTP API. This might cause certificate errors for SSL-connections and might result in a partial denial-of-service...
Authorization Bypass
chromium is vulnerable to Authorization Bypasses. This vulnerability occurs when Chrome parses a specially crafted HTML page that contains a Web API permission prompt. If the page is valid, Chrome could be tricked into displaying the prompt in an unexpected way. This could allow the attacker to...
DEBIAN-CVE-2023-3735
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
CVE-2023-3735
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...
Design/Logic Flaw
Inappropriate implementation in Web API Permission Prompts in Google Chrome prior to 115.0.5790.98 allowed a remote attacker to obfuscate security UI via a crafted HTML page. Chromium security severity: Medium...