CVE-2025-53105 GLPI permits unauthorized rules execution order
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...
CVE-2022-45167
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users...
PT-2023-14625 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107 Description: An issue was discovered in the application where a service exposed allows a basic user to access the profile information of all connected users. Recommendations: For Archibus Web Centra...
CVE-2021-38931
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418...
PT-2021-18629 · Glpi · Glpi Dashboard Plugin
Name of the Vulnerable Software and Affected Versions: GLPI Dashboard plugin versions prior to 1.0.3 Description: The issue allows remote low-privileged users to bypass access control, enabling them to view sensitive information such as the last ten events, connected users, and users in the tech...
GLPI security vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
CVE-2019-19611
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1...
Microsoft Windows: Do not enumerate connected users on domain-joined computers
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winenumerateconnectedusers.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Do not enumerate connected users on domain-joined computers Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
CVE-2017-16885
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices (intended for obtaining information about Internet Usage, Changing Passwords, etc.) allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware...
PT-2006-5826 · Phpmychat · Phpmychat
Name of the Vulnerable Software and Affected Versions: phpMyChat version 0.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter in the connected users.lib.php3 file. Recommendations: For phpMyChat version 0.1, consider restricting acce...