
21 matches found

CNNVD
added 2025/08/18 12:0 a.m. · 3 views

VaulTLS security vulnerability

VaulTLS is a modern solution from individual developer Emily Ehlert for easily managing mTLS (two-way TLS) certificates. A security vulnerability exists in VaulTLS versions prior to 0.9.1 that stems from an empty password setup and API login bypass, which could lead to unauthorized access...

CVSS 9.4 · AI score 6.8 · EPSS 0.00061
Exploits 0 · References 3
RedhatCVE
added 2025/05/23 3:33 a.m. · 9 views

CVE-2023-4103

QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

CVSS 8.8 · AI score 7.2 · EPSS 0.00138
Exploits 0
CNNVD
added 2024/08/28 12:0 a.m. · 1 views

NetIQ Advanced Authentication security vulnerability

NetIQ Advanced Authentication is an application from NetIQ UK. It provides a more secure way to protect your sensitive information by moving away from usernames and passwords. A brute force vulnerability exists in NetIQ Advanced Authentication versions prior to 6.3.5.1, which stems from not...

CVSS 9.9 · AI score 6.5 · EPSS 0.00093
Exploits 0 · References 2
Hacker One
added 2024/05/15 4:12 a.m. · 48 views

Booking.com: Default Admin Account lead to full access control at https://desk-demo.fareharbor.engineering

Login to the application at https://desk-demo.fareharbor.engineering/login with [email protected], password: test F3271060 2. Realizing that the login is successful, the attacker can use all functions in the application. F3271059 Impact attacker can use all admin functions...

AI score 7
Exploits 0
0day.today
added 2024/03/06 12:0 a.m. · 416 views

Customer Support System 1.0 SQL Injection Vulnerability

Customer Support System version 1.0 suffers from a remote SQL injection vulnerability in /customersupport/ajax.php. Original discovery of SQL injection in this version is attributed to Ahmed Abbas in November of 2020. Exploit Title: Customer Support System 1.0 - Multiple SQL injection...

CVSS 8.8 · AI score 9 · EPSS 0.11072
Exploits 6
Prion
added 2023/10/03 12:15 p.m. · 17 views

Design/Logic Flaw

The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...

CVSS 4 · AI score 6.4 · EPSS 0.00027
Exploits 0 · References 1 · Affected Software 1
Vulnrichment
added 2023/10/03 11:30 a.m. · 10 views

CVE-2023-4103 Multiple vulnerabilities in IDM Sistemas QSige

QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

CVSS 8.8 · AI score 7.2 · EPSS 0.00138
Exploits 0 · References 1
Cvelist
added 2023/10/03 11:30 a.m. · 20 views

CVE-2023-4103 Multiple vulnerabilities in IDM Sistemas QSige

QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

CVSS 8.8 · AI score 8.8 · EPSS 0.00138
Exploits 0 · References 1
Vulnrichment
added 2023/10/03 11:6 a.m. · 10 views

CVE-2023-4099 Multiple vulnerabilities in IDM Sistemas QSige

The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application...

CVSS 7.6 · AI score 6.9 · EPSS 0.00027
Exploits 0 · References 1
Cvelist
added 2023/10/03 11:3 a.m. · 17 views

CVE-2023-4098 Multiple vulnerabilities in IDM Sistemas QSige

It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...

CVSS 8.8 · AI score 8.8 · EPSS 0.0015
Exploits 0 · References 1
Positive Technologies
added 2023/10/03 12:0 a.m. · 3 views

PT-2023-27725 · Idm Sistemas Qsige +1 · Qsige

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The file upload functionality is not implemented correctly, allowing the upload of any type of file. An attacker must log into the application with a valid username to exploit this...

CVSS 8.8 · AI score 8.5 · EPSS 0.00107
Exploits 0 · References 3
CVE
added 2023/08/09 6:37 a.m. · 45 views

CVE-2023-37858

PHOENIX CONTACT WP 6xxx series web panels (versions

CVSS 4.9 · AI score 5 · EPSS 0.00036
Exploits 0 · References 1 · Affected Software 1
CNVD
added 2022/04/07 12:0 a.m. · 15 views

IBM MQ Appliance Denial of Service Vulnerability (CNVD-2022-36974)

IBM MQ Appliance is an all-in-one appliance for rapid deployment of enterprise-class messaging middleware from IBM U.S.A. A denial-of-service vulnerability exists in IBM MQ Appliance, which can be exploited by attackers to conduct denial-of-service attacks via the application login component...

CVSS 5.3 · AI score 5.4 · EPSS 0.00224
Exploits 0 · References 1
OSV
added 2021/09/16 8:4 a.m. · 4 views

OPENSUSE-SU-2021:1274-1 Security update for fail2ban

This update for fail2ban fixes the following issues: - CVE-2021-32749: prevent a command injection via mail command boo1188610 - Integrate change to resolve boo1146856 and boo1180738 Update to 0.11.2 - increased stability, filter and action updates New Features and Enhancements fail2ban-regex: -...

CVSS 8.1 · AI score 8.1 · EPSS 0.00301
Exploits 1 · References 6
NVD
added 2021/06/25 12:15 p.m. · 11 views

CVE-2021-35050

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. In the event that an attacker gains access to the CommandPost, these values could be decoded and used to login to the application. The vulnerability is present in Fidelis Network and Deception versio...

CVSS 7.5 · EPSS 0.00307
Exploits 1 · References 2
NVD
added 2021/01/05 9:15 p.m. · 10 views

CVE-2019-20483

An issue was discovered in Viki Vera 4.9.1.26180. An attacker could set a user's last name to an XSS Payload, and read another user's cookie and use that to login to the application...

CVSS 5.4 · AI score 5.2 · EPSS 0.00206
Exploits 1 · References 1
NVD
added 2020/01/06 5:15 p.m. · 11 views

CVE-2016-11017

The application login page in AKIPS Network Monitor 15.37 through 16.5 allows a remote unauthenticated attacker to execute arbitrary OS commands via shell metacharacters in the username parameter (a failed login attempt returns the command-injection output to a limited login failure field). This is...

CVSS 10 · AI score 9.7 · EPSS 0.19436
Exploits 1 · References 2
OSV
added 2019/04/01 4:29 p.m. · 1 views

CVE-2019-5891

An issue was discovered in OverIT Geocall 6.3 before build 2:346977. An unauthenticated servlet allows an attacker to obtain a cookie of an authenticated user, and login to the web application...

CVSS 9.8 · AI score 7.3
Exploits 0 · References 2
OSV
added 2017/06/30 3:29 a.m. · 3 views

CVE-2017-6028

An Insufficiently Protected Credentials issue was discovered in Schneider Electric Modicon PLCs Modicon M241, all firmware versions, and Modicon M251, all firmware versions. Log-in credentials are sent over the network with Base64 encoding leaving them susceptible to sniffing. Sniffed credentials...

CVSS 9.8 · AI score 5.8
Exploits 0 · References 2
seebug.org
added 2014/07/01 12:0 a.m. · 9 views

Elastic Path 4.1 - manager/getImportFileRedirect.jsp file Parameter Traversal Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/28352/info Elastic Path is prone to multiple input-validation vulnerabilities because it fails to properly sanitize user-supplied input. These issues include: - A local file-include vulnerability. - An arbitrary file-uplo...

AI score 7.1
Exploits 0