37 matches found
BigProf Online Inventory Manager Cross-Site Scripting Vulnerability
BigProf Online Inventory Manager is an online inventory management system developed by BigProf Corporation. Version 3.2 of BigProf Online Inventory Manager contains a cross-site scripting vulnerability. This vulnerability arises from the group description fields edited by administrators, which ha...
CVE-2021-41672
PEEL Shopping CMS 9.4.0 is vulnerable to authenticated SQL injection in utilisateurs.php. A user that belongs to the administrator group can inject a malicious SQL query in order to affect the execution logic of the application and retrieve information from the database...
EUVD-2020-3196
Malware in sbrugna...
EUVD-2017-5538
Malware in sbrugna...
Couchbase Server Security Vulnerability
Couchbase Server is a distributed open source NoSQL non-relational database from Couchbase, Inc. in the United States. It supports data query, full-text search and active global replication. A security vulnerability exists in Couchbase Server versions 7.6.x through 7.6.3. An attacker could exploi...
Aimeos Security Breach
Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. Aimeos has a security vulnerability that stems from improper access control in ai-admin-jsonadm, which allows an attacker to remove the administrator group and language environment configuration from the Aime...
Siemens Multiple Products Security Vulnerability
SIMATIC RTLS Locating Manager is used to configure, operate and maintain the SIMATIC RTLS unit, a real-time wireless positioning system that provides locating solutions. Siemens SIMATIC RTLS Locating Manager suffers from an incorrect assignment of critical resource privileges vulnerability, which...
Rockwell FactoryTalk Services Platform < 2.74 Privilege Escalation
The version of Rockwell FactoryTalk Services Platform installed on the remote Windows host is less than 2.74. It is, therefore, affected by a vulnerability. - A privilege escalation vulnerability exists in FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group...
CVE-2024-21915 Rockwell Automation FactoryTalk® Service Platform Elevated Privileges Vulnerability Through Web Service Functionality
A privilege escalation vulnerability exists in Rockwell Automation FactoryTalk® Service Platform (FTSP). If exploited, a malicious user with basic user group privileges could potentially sign into the software and receive FTSP Administrator Group privileges. A threat actor could potentially read an...
CVE-2023-47020
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
Cross site request forgery (csrf)
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
CVE-2023-47020
Multiple Cross-Site Request Forgery (CSRF) chaining in NCR Terminal Handler v.1.5.1 allows privileges to be escalated by an attacker through a crafted request involving user account creation and adding the user to an administrator group. This is exploited by an undisclosed function in the WSDL that...
PT-2024-13398 · Ncr · Ncr Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: The issue involves Multiple Cross-Site Request Forgery (CSRF) chaining, allowing an attacker to escalate privileges through a crafted request. This request involves user account creation and addin...
UBUNTU-CVE-2023-5182
Sensitive data could be exposed in logs of subiquity version 23.09.1 and earlier. An attacker in the adm group could use this information to find hashed passwords and possibly escalate their privilege...
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...
CVE-2022-41688
Delta Electronics InfraSuite Device Master versions 00.00.01a and prior lack proper authentication for functions that create and modify user groups. An attacker could provide malicious serialized objects that could run these functions without authentication to create a new user and add them to th...
CVE-2022-26309
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group...
CVE-2022-26309
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group...
Cross site request forgery (csrf)
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group...
CVE-2022-26309 Cross-Site Request in Bulk operation (User operation)
Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group...