
25 matches found

Prion
added 2024/12/31 2:15 a.m. · 1 views

CVE-2024-12838

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators...

CVSS 8.8 · EPSS 0.00084
Exploits 0 · References 2
Vulnrichment
added 2024/12/31 1:24 a.m. · 5 views

CVE-2024-12838 Changing Information Technology CGFIDO - Authentication Bypass

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted request to switch to the identity of any user, including administrators...

CVSS 8.8 · AI score 8.6 · EPSS 0.00084
Exploits 0 · References 2
Positive Technologies
added 2024/12/31 12:0 a.m. · 3 views

PT-2024-17758 · Changing Information Technology · Cgfido

Name of the Vulnerable Software and Affected Versions: CGFIDO, affected versions not specified. Description: The login mechanism via device authentication of CGFIDO from Changing Information Technology has an authentication bypass issue. If a user visits a forged website, the agent program deployed...

CVSS 8.8 · AI score 7.4 · EPSS 0.00136
Exploits 0 · References 9
NVD
added 2024/11/01 10:15 a.m. · 12 views

CVE-2024-10653

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server...

CVSS 7.2 · EPSS 0.00495
Exploits 0 · References 2
Vulnrichment
added 2024/11/01 9:59 a.m. · 17 views

CVE-2024-10653 CHANGING Information Technology IDExpert - OS Command Injection

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrative privileges to inject and execute OS commands on the server...

CVSS 7.2 · AI score 7.3 · EPSS 0.00495
Exploits 0 · References 2
Cvelist
added 2024/11/01 9:53 a.m. · 14 views

CVE-2024-10651 CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files...

CVSS 4.9 · EPSS 0.00107
Exploits 0 · References 2
Vulnrichment
added 2024/11/01 9:53 a.m. · 4 views

CVE-2024-10651 CHANGING Information Technology IDExpert - Arbitrary File Read through Path Traversal

IDExpert from CHANGING Information Technology does not properly validate a specific parameter in the administrator interface, allowing remote attackers with administrator privileges to exploit this vulnerability to read arbitrary system files...

CVSS 4.9 · AI score 6.9 · EPSS 0.00107
Exploits 0 · References 2
Positive Technologies
added 2024/11/01 12:0 a.m. · 3 views

PT-2024-16431 · Changing Information Technology · Idexpert

Name of the Vulnerable Software and Affected Versions: IDExpert from CHANGING Information Technology, affected versions not specified. Description: The issue is related to improper validation of a parameter for a specific functionality in IDExpert, allowing unauthenticated remote attackers to injec...

CVSS 6.1 · AI score 6.8 · EPSS 0.00217
Exploits 0 · References 7
NVD
added 2024/08/02 11:16 a.m. · 26 views

CVE-2024-40721

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path...

CVSS 8.8 · EPSS 0.02284
Exploits 0 · References 2
NVD
added 2024/08/02 11:16 a.m. · 19 views

CVE-2024-40723

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily...

CVSS 4.3 · EPSS 0.0142
Exploits 0 · References 2
NVD
added 2024/08/02 11:16 a.m. · 15 views

CVE-2024-40720

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the HKEY_CURRENT_USER registry to execute arbitrary commands...

CVSS 8.8 · EPSS 0.038
Exploits 0 · References 2
Cvelist
added 2024/08/02 10:27 a.m. · 16 views

CVE-2024-40723 CHANGING Information Technology HWATAIServiSign Windows Version - Stack-based Buffer Overflow

The specific API in HWATAIServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side inputs. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the HWATAIServiSign, temporarily...

CVSS 4.3 · EPSS 0.0142
Exploits 0 · References 2
CVE
added 2024/08/02 10:27 a.m. · 37 views

CVE-2024-40723

CVE-2024-40723 concerns HWATAIServiSign Windows Version from CHANGING Information Technology. The vulnerability is a stack-based buffer overflow caused by improper validation of the length of server-side inputs in a specific API. It can be triggered when an unauthenticated remote user visits a sp...

CVSS 4.3 · AI score 5.1 · EPSS 0.0142
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2024/08/02 10:18 a.m. · 21 views

CVE-2024-40722 CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily...

CVSS 4.3 · EPSS 0.0142
Exploits 0 · References 2
CVE
added 2024/08/02 10:18 a.m. · 43 views

CVE-2024-40722

CVE-2024-40722 affects the TCBServiSign Windows Version from CHANGING Information Technology. The vulnerability is caused by an API that does not properly validate the length of server-side input, enabling unauthenticated remote attackers to trigger a stack-based buffer overflow when a user visit...

CVSS 4.3 · AI score 5.1 · EPSS 0.0142
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/08/02 10:18 a.m. · 20 views

CVE-2024-40722 CHANGING Information Technology TCBServiSign Windows Version - Stack-based Buffer Overflow

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate the length of server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause a stack-based buffer overflow in the TCBServiSign, temporarily...

CVSS 4.3 · AI score 7.6 · EPSS 0.0142
Exploits 0 · References 2
Cvelist
added 2024/08/02 10:14 a.m. · 34 views

CVE-2024-40721 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path...

CVSS 8.8 · EPSS 0.02284
Exploits 0 · References 2
CVE
added 2024/08/02 10:14 a.m. · 93 views

CVE-2024-40721

The CVE-2024-40721 entry concerns improper server-side input validation in the API of the TCBServiSign Windows Version from CHANGING Information Technology. The flaw allows unauthenticated remote attackers to trigger loading a DLL from an arbitrary path when a user visits a spoofed website, i...

CVSS 8.8 · AI score 8.7 · EPSS 0.02284
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2024/08/02 10:14 a.m. · 28 views

CVE-2024-40721 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can cause the TCBServiSign to load a DLL from an arbitrary path...

CVSS 8.8 · AI score 7.1 · EPSS 0.02284
Exploits 0 · References 2
Cvelist
added 2024/08/02 10:10 a.m. · 26 views

CVE-2024-40720 CHANGING Information Technology TCBServiSign Windows Version - Improper Input Validation

The specific API in TCBServiSign Windows Version from CHANGING Information Technology does not properly validate server-side input. When a user visits a spoofed website, unauthenticated remote attackers can modify the HKEY_CURRENT_USER registry to execute arbitrary commands...

CVSS 8.8 · EPSS 0.038
Exploits 0 · References 2