13 matches found
CVE-2026-8076
CVE-2026-8076 concerns the CashDro 3 web administration panel (version 24.01.00.26). The identified issue is weak credentials enabling PIN-based authentication, which supports numeric PINs compatible with POS integrations dating back to 2012. This design allows an attacker to perform brute-force ...
CVE-2023-22636
An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through 7.0.4 may allow a local attacker to access confidential configuration files via a crafted http request...
Fortinet FortiWeb - Unauthorized Configuration Download (FG-IR-22-460)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-460 advisory. - An unauthorized configuration download vulnerability in FortiWeb 6.3.6 through 6.3.21, 6.4.0 through 6.4.2 and 7.0.0 through...
CVE-2023-45596
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-45596
The CVE-2023-45596 issue affects AiLux imx6 bundle prior to version imx6_1.0.7-2. A CWE-425 Direct Request/Forced Browsing vulnerability in the web app’s file_configuration functionality allows remote unauthenticated access to confidential configuration files. Root cause: missing/weak authorizati...
CVE-2023-45596
A CWE-425 “Direct Request 'Forced Browsing'” vulnerability in the “fileconfiguration” functionality of the web application allows a remote unauthenticated attacker to access confidential configuration files. This issue affects: AiLux imx6 bundle below version imx61.0.7-2...
CVE-2023-27465
A vulnerability has been identified in SIMOTION C240 All versions = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4 = V5.4, SIMOTION D445-2 DP/PN All versions = V5.4 = V5.4 = V5.4, SIMOTION P320-4 S All versions = V5.4. When operated with Security Level Low the device does not protect acces...
Siemens SIMOTION
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
Fortinet FortiWeb 安全漏洞
Fortinet FortiWeb is a web application layer firewall from Fortinet that blocks threats such as cross-site scripting, SQL injection, cookie poisoning, schema poisoning and other attacks, secures web applications and protects sensitive database content. A security vulnerability exists that could b...
CVE-2022-22152
A Protection Mechanism Failure vulnerability in the REST API of Juniper Networks Contrail Service Orchestration allows one tenant on the system to view confidential configuration details of another tenant on the same system. By utilizing the REST API, one tenant is able to obtain information on...
Juniper Networks Contrail Service Orchestration Access Control Error Vulnerability
Juniper Networks Contrail Service Orchestration is a robust software platform from Juniper Networks USA, Inc. used to connect many enterprise and multi-tenant service provider solutions. Juniper Networks Contrail Service Orchestration suffers from an access control error vulnerability that stems...
The vulnerability in the web interface of Cisco Firepower Management Center’s software management interface allows a perpetrator to gain unauthorized access to confidential configuration information.
The vulnerability of the Cisco Firepower Management Center’s software network management interface is related to errors in the encryption of confidential information stored in the graphical interface configuration console. Exploiting this vulnerability can allow an attacker to gain unauthorized...
CVE-2020-6297
Under certain conditions the upgrade of SAP Data Hub 2.7 to SAP Data Intelligence, version - 3.0, allows an attacker to access confidential system configuration information, that should otherwise be restricted, leading to Information Disclosure...