Lucene search
K

43 matches found

OSV
OSV
added 2024/03/14 3:15 a.m.6 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

4.3CVSS5.8AI score0.00395EPSS
Exploits0References1
NVD
NVD
added 2024/03/14 3:15 a.m.9 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

4.3CVSS6.5AI score0.00395EPSS
Exploits0References1
OSV
OSV
added 2024/03/14 3:15 a.m.5 views

CVE-2024-25652

In Delinea PAM Secret Server 11.4, it is possible for a user assigned "Administer Reports" permission and/or with access to Report functionality via UNLIMITED ADMIN MODE with access to the Report functionality to gain unauthorized access to remote sessions created by legitimate users through...

8.4CVSS5.8AI score0.0059EPSS
Exploits0References4
Prion
Prion
added 2024/03/14 3:15 a.m.22 views

Improper access control

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

7.1AI score0.00395EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/03/14 12:0 a.m.6 views

PT-2024-21069 · Delinea · Delinea Pam Secret Server

Name of the Vulnerable Software and Affected Versions: Delinea PAM Secret Server version 11.4 Description: The issue allows unprivileged users to view system reports and modify custom reports via the Report functionality in the Web UI when Unlimited Admin Mode is enabled. Recommendations: For...

4.3CVSS7.1AI score0.00395EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/03/14 12:0 a.m.12 views

CVE-2024-25653

Broken Access Control in the Report functionality of Delinea PAM Secret Server 11.4 allows unprivileged users, when Unlimited Admin Mode is enabled, to view system reports and modify custom reports via the Report functionality in the Web UI...

6.8AI score0.00395EPSS
Exploits0References1
CNNVD
CNNVD
added 2022/02/02 12:0 a.m.6 views

Insyde InsydeH2O 权限许可和访问控制问题漏洞

Insyde InsydeH2O is a C source from Insyde Software Taiwan, China that implements the new technology "EFI/UEFI" specification, designed to replace the traditional BIOS Basic Input/Output System. The vulnerability could be exploited to hijack the execution flow of code running in system...

8.2CVSS5.8AI score0.00351EPSS
Exploits0References7
OSV
OSV
added 2021/12/14 4:15 p.m.3 views

CVE-2021-41066

An issue was discovered in Listary through 6. When Listary is configured as admin, Listary will not ask for permissions again if a user tries to access files on the system from Listary itself it will bypass UAC protection; there is no privilege validation of the current user that runs via Listary...

7.5CVSS5.8AI score0.01304EPSS
Exploits0References2
CNNVD
CNNVD
added 2021/06/14 12:0 a.m.4 views

Dell PowerEdge Server 缓冲区错误漏洞

Dell PowerEdge Server BIOS is a system update driver from Dell Dell. A security vulnerability exists in Dell PowerEdge Server, which can be exploited by an attacker to cause a denial of service, arbitrary code execution, or information disclosure in system administration mode...

8.1CVSS6AI score0.00346EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/12/16 7:20 a.m.2 views

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS5.8AI score0.0136EPSS
Exploits0References4
OSV
OSV
added 2020/10/16 2:15 p.m.6 views

CVE-2020-14299

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS6.7AI score0.0136EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2020/10/13 5:1 p.m.4 views

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS5.8AI score0.0136EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/13 4:50 p.m.6 views

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS5.8AI score0.0136EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/10/13 4:49 p.m.4 views

picketbox: JBoss EAP reload to admin-only mode allows authentication bypass

A flaw was found in JBoss EAP, where the authentication configuration is set-up using a legacy SecurityRealm, to delegate to a legacy PicketBox SecurityDomain, and then reloaded to admin-only mode. This flaw allows an attacker to perform a complete authentication bypass by using an arbitrary user...

6.5CVSS5.8AI score0.0136EPSS
Exploits0References4
Microsoft KB
Microsoft KB
added 2020/04/13 12:0 a.m.64 views

Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014

Microsoft Security Advisory: Registry update to improve credentials protection and management for Windows-based systems that have the 2919355 update installed: July 8, 2014 INTRODUCTION Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security adviso...

6.4AI score
Exploits0
Kitploit
Kitploit
added 2020/03/06 9:0 p.m.159 views

SharpRDP - Remote Desktop Protocol .NET Console Application For Authenticated Command Execution

To compile open the project in Visual Studio and build for release. Two DLLs will be output to the Release directory, you do not need those because the DLLs are in the assembly. If you do not want to use the provided DLLs you will need to .NET SDK to create the AxMSTSCLib.dll DLL. To create it...

7.5AI score
Exploits0References3
Kitploit
Kitploit
added 2020/01/09 11:30 a.m.213 views

Stowaway - Multi-hop Proxy Tool For Pentesters

Stowaway is Multi-hop proxy tool for security researchers and pentesters Users can easily proxy their network traffic to intranet nodes multi-layer PS: The files under demo folder are Stowaway's beta version,it's still functional, you can check the detail by README.md file under the demo folder...

7.6AI score
Exploits0References3
NVD
NVD
added 2019/11/29 6:15 p.m.20 views

CVE-2019-16767

The admin sys mode is now conditional and dedicated for the special case. By default, since [email protected] no instance container is launched with advanced capabilities not launched as root...

9CVSS6.7AI score0.00806EPSS
Exploits0References3
OSV
OSV
added 2019/02/07 7:29 p.m.8 views

CVE-2019-7587

Bo-blog Wind through 1.6.0-r allows SQL Injection via the admin.php/comments/batchdel/ comID parameter because this parameter is mishandled in the mode/admin.mode.php delBlockedBatch function...

9.8CVSS8.1AI score
Exploits0References1
0day.today
0day.today
added 2017/04/17 12:0 a.m.50 views

Huawei HG532n Command Injection Exploit

This Metasploit module exploits a command injection vulnerability in the Huawei HG532n routers provided by TE-Data Egypt, leading to a root shell. The router's web interface has two kinds of logins, a "limited" user:user login given to all customers and an admin mode. The limited mode is used her...

7.6AI score
Exploits0
Rows per page
Query Builder