408 matches found
PT-2024-1614 · Emerson · Emerson Rosemount Gc700Xa +2
Name of the Vulnerable Software and Affected Versions: Emerson Rosemount GC370XA, GC700XA, and GC1500XA products affected versions not specified Description: The issue is related to weaknesses in the authentication procedure of Emerson Rosemount GC1500XA, GC700XA, and GC370XA products. An...
The vulnerability in the built-in command-line interface (CLI) of the Jenkins automation server allows a attacker to execute a CSWSH attack.
The vulnerability in the built-in command-line interface CLI of the Jenkins automation server is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute a CSWSH attack remotely...
PT-2024-2034 · Otrs · Otrs
Name of the Vulnerable Software and Affected Versions: OTRS versions 7.0.X through 7.0.48 OTRS versions 8.0.X through 8.0.37 OTRS versions 2023.X through 2023.1.1 Description: The issue is related to the handling of attachments in ticket comments, allowing another user to add attachments...
PT-2024-2633 · Unknown · Myq Print Server
Name of the Vulnerable Software and Affected Versions: MyQ Print Server versions prior to 8.2 patch 43 Description: The issue is related to the administrative interface of the MyQ Print Server, where remote authenticated administrators can execute arbitrary code via PHP scripts. This is due to...
The vulnerability in the Makefile file set for the Linux Buildroot operating system allows a hacker to execute a type of “man-in-the-middle” attack.
The vulnerability in the Makefile set for the Linux Buildroot operating system is related to deficiencies in the authentication process. Exploiting this vulnerability allows a remote attacker to execute a “man-in-the-middle” type attack...
CVE-2023-6595
In WhatsUp Gold versions released before 2023.1, an API endpoint was found to be missing an authentication mechanism. It is possible for an unauthenticated attacker to enumerate ancillary credential information stored within WhatsUp Gold...
The vulnerability of the printing control software in PaperCut MF and PaperCut NG, related to deficiencies in authentication procedures, allows attackers to escalate their privileges.
The vulnerability of the printing control software in PaperCut MF and PaperCut NG is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers to enhance their privileges...
The vulnerabilities of the `pmdm_wp_change_user_meta` and `pmdm_wp_change_post_meta` functions in the Post Meta Data Manager plugin for the WordPress content management system allow a hacker to increase their privileges.
The vulnerability of the pmdmwpchangeusermeta and pmdmwpchangepostmeta functions in the Post Meta Data Manager plugin for the WordPress content management system is related to an incorrect authentication process. Exploiting this vulnerability can allow a malicious actor to gain increased privileg...
The vulnerability of the software implementation of the GTP protocol (GPRS Tunneling Protocol) for Open5GS mobile communication networks lies in the lack of authentication for a critical function, allowing attackers to access confidential information.
The vulnerability of the software implementation of the GTP protocol GPRS Tunneling Protocol for mobile communication networks based on Open5GS is related to the absence of authentication for the critical function. Exploiting this vulnerability can allow a malicious actor to gain access to...
CVE-2023-41965
Sending some requests in the web application of the vulnerable device allows information to be obtained due to the lack of security in the authentication process...
PT-2023-5053 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to weaknesses in the authentication procedure of the Microsoft Exchange Server, allowing a remote attacker to conduct spoofing attacks. This can...
The vulnerability of the PAMcheckPasswd() function, a utility for managing and monitoring processes, programs, files, and Monit directories, allows a perpetrator to increase their privileges.
The vulnerability of the PAMcheckPasswd function, a utility for managing and monitoring processes, programs, files, and Monit directories, is related to deficiencies in authentication procedures. Exploiting this vulnerability could allow an attacker to increase their privileges remotely...
PT-2023-5298 · Unknown · Modulys Gp
Name of the Vulnerable Software and Affected Versions: MODULYS GP MOD3GP-SY-120K affected versions not specified Description: The issue is related to the lack of security in the authentication process of the web application, allowing information to be obtained by sending specific requests. This i...
PT-2023-5220 · Ibm · Ibm Aspera Faspex
Name of the Vulnerable Software and Affected Versions: IBM Aspera Faspex version 5.0.5 Description: The issue is related to improper access controls, allowing a remote attacker to bypass IP restrictions. This is due to insufficient authentication data verification, which can impact the integrity ...
The vulnerability of the SCADA system SCADA Data Gateway (SDG) is related to deficiencies in authentication procedures. This allows attackers to bypass security restrictions and gain unauthorized access to the system.
The vulnerability of the SCADA system, SCADA Data Gateway SDG, is related to deficiencies in authentication procedures. Exploiting this vulnerability allows a malicious actor to bypass security restrictions and gain unauthorized access to the system...
EmpowerID Authorization Issues Vulnerability
EmpowerID is an all-in-one identity management and cloud security suite from EmpowerID. A security vulnerability previously existed in EmpowerID version 7.205.0.1, which stemmed from an insecurity in the multiple authentication mechanism. It was possible to modify an account's email address after...
The vulnerability of the microprogramming software of the Link DIR-885L, which allows a hacker to increase their privileges
The vulnerability of the Link DIR-885L router’s microprogramming software is related to deficiencies in authentication procedures. Exploiting this vulnerability can allow attackers, operating remotely, to increase their privileges...
PT-2023-4061 · D Link · D-Link Dir-895
Name of the Vulnerable Software and Affected Versions: D-Link DIR-895 version FW102b07 Description: The issue is related to a function called phpcgi main in the D-Link DIR-895 router's firmware, which has weaknesses in its authentication procedure. This can be exploited by a remote attacker to ga...
VulnCheck KEV: CVE-2022-0732
The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR Insecure Direct Object Reference vulnerability...
The vulnerability of the MyHandlerInterceptor class in the ProSafe Network Management NMS300 system’s management, diagnosis, and optimization of network device operations allows a perpetrator to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the MyHandlerInterceptor class in the ProSafe Network Management NMS300 system, which is used for management, diagnosis, and optimization of network device operations, is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a...