84 matches found
HashiCorp Terraform 安全漏洞
HashiCorp Terraform is an open source tool for provisioning and managing cloud infrastructures from HashiCorp, USA. A security vulnerability exists in Terraform Enterprise prior to version v202207-1 that stems from not properly enforcing authorization rules for agent pools, which could result in ...
PT-2023-3015
Name of the Vulnerable Software and Affected Versions Splunk Enterprise versions prior to 9.0.5 Splunk Enterprise versions prior to 8.2.11 Splunk Enterprise versions prior to 8.1.14 Splunk Cloud Platform versions prior to 9.0.2303.100 Description A low-privileged user with the edit user capabilit...
PT-2023-2776 · Cisco · Cisco Dna Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software affected versions not specified Description: The issue is related to weaknesses in the authorization procedure of the Cisco DNA Center application programming interface. It may allow a remote attacker to gain...
CVE-2023-24029
In Progress WSFTP Server before 8.8, it is possible for a host administrator to elevate their privileges via the administrative interface due to insufficient authorization controls applied on user modification workflows...
Progress Software WS_FTP Server 安全漏洞
Progress Software WSFTP Server is an effective and highly manageable FTP server from Progress Software, USA. A security vulnerability exists in Progress Software WSFTP Server that stems from insufficient authorization controls over user modifications to the workflow application, where host...
PT-2022-5525 · Cisco · Cisco Secure Email/Web Manager +2
Name of the Vulnerable Software and Affected Versions: Cisco Email Security Appliance ESA affected versions not specified Cisco Secure Email and Web Manager affected versions not specified Cisco Secure Web Appliance affected versions not specified Description: The issue is related to errors in...
Smart eVision 安全漏洞
Smart eVision Information Technology Smart eVision is a business intelligence platform of China Union Quan Information Technology Smart eVision Information Technology Company. Smart eVision is a business intelligence platform that combines business management rooms, dashboards, reports, and input...
PT-2022-2355 · Cisco · Cisco Sd-Wan Vmanage
Name of the Vulnerable Software and Affected Versions: Cisco SD-WAN vManage Software affected versions not specified Description: The issue is related to insufficient API authorization checking on the underlying operating system of the History API in Cisco SD-WAN vManage Software. This could allo...
PT-2022-3548 · Aethon · Aethon Tug Home Base Server
Name of the Vulnerable Software and Affected Versions: Aethon TUG Home Base Server versions prior to version 24 Description: The issue is related to weaknesses in the authorization procedure of the server. It allows a remote attacker to exploit the weakness, potentially enabling them to add and...
WordPress SiteGround Security plugin <= 1.2.5 - Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability
Authorization Weakness to Authentication Bypass via 2-Factor Authentication Back-up Codes vulnerability discovered by Chloe Chamberland Wordfence in WordPress SiteGround Security plugin versions = 1.2.5. Solution Update the WordPress SiteGround Security plugin to the latest available version at...
PT-2022-1959 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: webmin versions prior to 1.990 Description: The issue is related to improper access control in the webmin repository, which can lead to remote code execution. This is due to weaknesses in the authorization mechanism of the File Manager module...
Receita Federal IRPF 授权问题漏洞
Receita Federal Imposto de Renda Pessoa Física, a personal income tax application from Receita Federal, Inc. has an authorization problem vulnerability in Receita Federal IRPF that stems from a lack of authentication measures or insufficient authentication strength in the network system or produc...
PT-2021-2258 · Cisco · Cisco Webex Meetings
Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: A vulnerability in the distribution list feature of Cisco Webex Meetings could allow an authenticated, remote attacker to modify a distribution list that belongs to another use...
CVE-2019-19108 B&R Automation Runtime SNMP Authentication and Authorization Weakness
An authentication weakness in the SNMP service in B&R Automation Runtime versions 2.96, 3.00, 3.01, 3.06 to 3.10, 4.00 to 4.63, 4.72 and above allows unauthenticated users to modify the configuration of B&R products via SNMP...
The vulnerability of the transaction management function of the SAP Treasury and Risk Management software allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of the transaction management function in SAP Treasury and Risk Management involves deficiencies in the authorization mechanism. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected informati...
CloudBees Jenkins Build Failure Analyzer Plugin Authorization Issues Vulnerability
CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . An authorization issue vulnerability exists in CloudBees Jenkins Build Failure Analyzer Plugin 1.24.1 and prior versions. The vulnerability stems from a lack of...
CVE-2019-0057 NFX Series: An attacker may be able to take control of the JDM application and subsequently the entire system.
An improper authorization weakness in Juniper Networks Junos OS allows a local authenticated attacker to bypass regular security controls to access the Junos Device Manager JDM application and take control of the system. This issue affects: Juniper Networks Junos OS versions prior to 18.2R1,...
CVE-2017-17708
Because of insufficient authorization checks it is possible for any authenticated user to change profile data of other users in Pleasant Password Server before 7.8.3...
Workbench: Insufficient authorization constraints
It was discovered that the default authorization constrains applied on servelets deployed in the KIE Workbench application were insufficient. A remote, authenticated user without sufficient privileges could use this flaw to upload or download arbitrary files, perform privileged actions that...
chicomas 2.0.4 XSS / Database Disclosure
www.BugReport.ir AmnPardaz Security Research Team Title: chicomas Dtabase Information Disclosure POC: http://URL/chicomas/config.inc +--The Latest generated Database backups POC: http://URL/chicomas/backup +--Cross Site Scripting XSS. Reflected XSS attack in "index.php" in "q" parameter. POC:...