15 matches found
CVE-2025-53105 GLPI permits unauthorized rules execution order
GLPI, which stands for Gestionnaire Libre de Parc Informatique, is a Free Asset and IT Management Software package that provides ITIL Service Desk features, license tracking and software auditing. In versions 10.0.0 to before 10.0.19, a connected user without administration rights can change th...
CVE-2022-45167
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users...
PT-2023-14625 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107 Description: An issue was discovered in the application where a service exposed allows a basic user to access the profile information of all connected users. Recommendations: For Archibus Web Centra...
CVE-2022-45167
An issue was discovered in Archibus Web Central 2022.03.01.107. A service exposed by the application allows a basic user to access the profile information of all connected users...
A vulnerability in the Windows functionality for connected users and telemetry allows an attacker to escalate their privileges.
The vulnerability in the connected users and telemetry functionality of the Windows operating system is caused by synchronization errors when using a shared resource. Exploiting this vulnerability can allow an attacker to escalate their privileges...
CVE-2021-38931
IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server) 11.1 and 11.5 is vulnerable to an information disclosure as a result of a connected user having indirect read access to a table where they are not authorized to select from. IBM X-Force ID: 210418...
GLPI Security Vulnerability
GLPI is an open source IT and asset management software for individual developers. The software provides a full-featured IT resource management interface that you can use to build databases to fully manage IT computers, monitors, servers, printers, network devices, phones, and even toner cartridg...
PT-2021-18629 · Glpi · Glpi Dashboard Plugin
Name of the Vulnerable Software and Affected Versions: GLPI Dashboard plugin versions prior to 1.0.3 Description: The issue allows remote low-privileged users to bypass access control, enabling them to view sensitive information such as the last ten events, connected users, and users in the tech...
CVE-2019-19611
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1...
CVE-2019-19611
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1...
CVE-2019-19611
An issue was discovered in Halvotec RaQuest 10.23.10801.0. One of the exposed web services allows an anonymous user to access the list of connected users as well as the session cookie for each user. Fixed in Release 10.24.11206.1...
A vulnerability in the CDPSvc service of the Windows operating system that allows an attacker to escalate their privileges
The vulnerability in the CDPSvc service for connected user devices in the Windows operating system is related to errors in handling objects in memory. Exploiting this vulnerability can allow an attacker to escalate their privileges through a specially crafted application...
Microsoft Windows: Do not enumerate connected users on domain-joined computers
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winenumerateconnectedusers.nasl 11337 2018-09-11 14:23:53Z emoss $ Check value for Do not enumerate connected users on domain-joined computers Authors: Emanuel Moss Copyright: Copyright (c) 2018 Greenbone Networks GmbH,...
CVE-2017-16885
Improper Permissions Handling in the Portal on FiberHome LM53Q1 VH519R05C01S38 devices intended for obtaining information about Internet Usage, Changing Passwords, etc. allows remote attackers to look for the information without authenticating. The information includes Version of device, Firmware...
PT-2006-5826 · Phpmychat · Phpmychat
Name of the Vulnerable Software and Affected Versions: phpMyChat version 0.1 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter in the connected users.lib.php3 file. Recommendations: For phpMyChat version 0.1, consider restricting acce...