2475 matches found

NVD
added 2024/06/14 4:15 a.m., 19 views

CVE-2024-27162

Toshiba printers provide a web interface that will load the JavaScript file. The file contains insecure codes vulnerable to XSS and is loaded inside all the webpages provided by the printer. An attacker can steal the cookie of an admin user. As for the affected products/models/versions, see the...

CVSS 6.1, EPSS 0.21218
Exploits: 1, References: 4

0day.today
added 2024/06/14 12:0 a.m., 212 views

WP-UserOnline 2.88.0 - Stored Cross Site Scripting (Authenticated) Vulnerability

Exploit Title: WP-UserOnline 2.88.0 - Stored Cross Site Scripting XSS Authenticated Google Dork: inurl:/wp-content/plugins/wp-useronline/ Exploit Author: Onur Göğebakan Vendor Homepage: https://github.com/lesterchan/wp-useronline Software Link:...

CVSS 5.5, AI score 5.6, EPSS 0.05094
Exploits: 6

OSV
added 2024/06/13 3:15 p.m., 2 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3, AI score 5.9, EPSS 0.00424
Exploits: 0, References: 1

NVD
added 2024/06/13 3:15 p.m., 20 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3, EPSS 0.00424
Exploits: 0, References: 1

OSV
added 2024/06/13 3:15 p.m., 3 views

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...

CVSS 5.4, AI score 5.9, EPSS 0.00349
Exploits: 0, References: 1

NVD
added 2024/06/13 3:15 p.m., 18 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

CVSS 5.4, EPSS 0.00349
Exploits: 0, References: 1

NVD
added 2024/06/13 3:15 p.m., 15 views

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...

CVSS 5.4, EPSS 0.00349
Exploits: 0, References: 1

NVD
added 2024/06/13 3:15 p.m., 18 views

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 5.4, EPSS 0.00349
Exploits: 0, References: 1

Vulnrichment
added 2024/06/13 3:5 p.m., 20 views

CVE-2024-28969

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 4.3, AI score 7.2, EPSS 0.00424
Exploits: 0, References: 1

Vulnrichment
added 2024/06/13 3:1 p.m., 16 views

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...

CVSS 5.4, AI score 7.2, EPSS 0.00349
Exploits: 0, References: 1

CVE
added 2024/06/13 3:1 p.m., 74 views

CVE-2024-28968

Summary (CVE-2024-28968) Dell SCG (Dell Secure Connect Gateway) versions prior to 5.24.00.00 suffer an Improper Access Control vulnerability in the internal email and collection settings REST APIs (enabled by Admin from UI). A remote, low-privileged attacker could potentially cause execution of A...

CVSS 5.4, AI score 7, EPSS 0.00349
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/06/13 3:1 p.m., 20 views

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...

CVSS 5.4, EPSS 0.00349
Exploits: 0, References: 1

CVE
added 2024/06/13 2:57 p.m., 77 views

CVE-2024-28967

Dell SCG (Secure Connect Gateway) vulnerable to improper access control in versions prior to 5.24.00.00 due to an exposed internal maintenance REST API that, if enabled by an Admin user from the UI, could allow a remote, low-privileged attacker to execute admin-only backend APIs associated with t...

CVSS 5.4, AI score 7, EPSS 0.00349
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/06/13 2:57 p.m., 13 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

CVSS 5.4, EPSS 0.00349
Exploits: 0, References: 1

Vulnrichment
added 2024/06/13 2:57 p.m., 13 views

CVE-2024-28967

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal maintenance REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain API...

CVSS 5.4, AI score 7, EPSS 0.00349
Exploits: 0, References: 1

Cvelist
added 2024/06/13 2:51 p.m., 18 views

CVE-2024-28966

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for an internal update REST API if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain APIs...

CVSS 5.4, EPSS 0.00349
Exploits: 0, References: 1

CVE
added 2024/06/13 2:47 p.m., 82 views

CVE-2024-28965

CVE-2024-28965 affects Dell SCG prior to 5.24.00.00. The issue is an Improper Access Control in an internal enable REST API exposed by the SCG (if enabled via the UI by an Admin). A remote, low-privileged attacker could trigger internal APIs intended for Admin Users on the backend database, poten...

CVSS 5.4, AI score 7, EPSS 0.00349
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/06/13 1:45 p.m., 21 views

CVE-2024-25052 IBM Jazz Reporting Service information disclosure

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363...

CVSS 4.4, EPSS 0.00164
Exploits: 0, References: 2

Vulnrichment
added 2024/06/13 1:45 p.m., 17 views

CVE-2024-25052 IBM Jazz Reporting Service information disclosure

IBM Jazz Reporting Service 7.0.3 stores user credentials in plain clear text which can be read by an admin user. IBM X-Force ID: 283363...

CVSS 4.4, AI score 6.3, EPSS 0.00164
Exploits: 0, References: 2

CVE
added 2024/06/13 1:45 p.m., 60 views

CVE-2024-25052

IBM Jazz Reporting Service 7.0.3 is vulnerable to information disclosure due to storing user credentials in plain text, readable by an administrator. The issue affects the IBM Jazz Reporting Service and, when Jazz Authentication Service is enabled, can expose the JSA Client Secret in clear text. ...

CVSS 4.4, AI score 4.4, EPSS 0.00164
Exploits: 0, References: 2, Affected Software: 1