4200 matches found
Design/Logic Flaw
When access to the "admin" folder is not protected by an external authorization mechanism, e.g. Apache Basic Auth, it is possible for any user to download protected information like exam answers...
CVE-2023-6554
CVE-2023-6554 affects Tecnick TCExam (admin folder). The root cause is insufficient external authorization protection in the admin directory, allowing any user to download protected information such as exam answers when access is not gated by mechanisms like Apache Basic Auth. Impact is confident...
CVE-2023-29447
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
Design/Logic Flaw
An insufficiently protected credentials vulnerability in KEPServerEX could allow an adversary to capture user credentials as the web server uses basic authentication...
CVE-2023-29447
CVE-2023-29447 concerns insufficient protection of credentials in PTC Kepware KepServerEX, where the web server uses basic authentication. The Red Hat/NVD entries confirm the vulnerability in KepServerEX and describe that an attacker could capture credentials, potentially enabling a MitM scen...
UAC-0099 Using WinRAR Exploit to Target Ukrainian Firms with LONEPAGE Malware
The threat actor known as UAC-0099 has been linked to continued attacks aimed at Ukraine, some of which leverage a high-severity flaw in the WinRAR software to deliver a malware strain called LONEPAGE. "The threat actor targets Ukrainian employees working for companies outside of Ukraine,"...
Dell BIOS Security Vulnerability
Dell BIOS is embedded software on a small memory chip on a computer motherboard from Dell USA. A security vulnerability exists in Dell BIOS, which stems from pre-boot direct access to memory, and can be exploited by an attacker to execute arbitrary code on the device...
at51 (>=0.1.1 <=0.4.1), atrac3p-decoder (>=0.1.0 <=0.1.2) +51 more potentially affected by CVE-2023-53156 via transpose (=0.1.0)
transpose CARGO version =0.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on transpose and may be impacted: - at51 =0.1.1, =0.1.0, =0.7.0, =0.7.0, =0.7.0, =0.7.0, =1.2.0, =1.2.0, =1.2.0, =1.2.0, =2.6.2, =0.6.0, =0.1.0, =0.1.0, =0.1.1 and more Source...
CVE-2023-40655
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla...
Cross site scripting
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla...
CVE-2023-40655 Extension - mooj.org - Reflected XSS in Proforms Basic component for Joomla <= 1.6.0
A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla...
CVE-2023-40655
The CVE-2023-40655 entry concerns a reflected XSS in the Proforms Basic component for Joomla. Multiple sources (NVD, Red Hat, CVE List, Vulnrichment, and others) describe it as a reflected XSS affecting the Proforms Basic extension for Joomla, but none provide explicit affected versions or concre...
Joomla Security Breach
Joomla is an open source, cross-platform content management system (CMS) developed by the Open Source Matters team using PHP and MySQL. A security vulnerability exists in Joomla that originates from a reflected cross-site scripting vulnerability in the Proforms Basic component...
PT-2023-27577 · Joomla · Proforms Basic
Name of the Vulnerable Software and Affected Versions: Proforms Basic component for Joomla (affected versions not specified). Description: A reflected XSS vulnerability was discovered in the Proforms Basic component for Joomla. Recommendations: At the moment, there is no information about a newer...
The vulnerability of the BIOS loading, update, backup, and recovery utility from the Phoenix WinPhlash flash device (previously known as Phoenix SecureCore Tiano WinFlash) is related to deficiencies in access control mechanisms, allowing attackers to escalate their privileges.
The vulnerability of the BIOS loading, backup, and recovery utility for the Phoenix WinPhlash flash device (previously known as Phoenix SecureCore Tiano WinFlash) is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to escalate their privileges...
JTEKT ELECTRONICS HMI GC-A2 series Security Breach
JTEKT ELECTRONICS HMI GC-A2 series is a series of HMIs from JTEKT. The JTEKT ELECTRONICS HMI GC-A2 series suffers from a security vulnerability that originates from a denial of service (DoS) in the NetBIOS service, which an attacker can exploit by sending specially crafted packets to a specifi...
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...