360 matches found
CVE-2024-1107 IDOR in Talya Informatics' Travel APPS
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Travel APPS: before v17.0.68...
CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...
CVE-2024-21773
Multiple TP-LINK products allow a network-adjacent unauthenticated attacker with access to the product from the LAN port or Wi-Fi to execute arbitrary OS commands on the product that has pre-specified target devices and blocked URLs in parental control settings...
PT-2023-26905 · Unknown · Siberiancms
Name of the Vulnerable Software and Affected Versions: SiberianCMS affected versions not specified Description: The issue concerns improper access control, allowing an authorized user to disable a security feature over the network. Recommendations: At the moment, there is no information about a...
CVE-2022-27455
creationtimestamp| type| source ---|---|--- 2022-04-14 16:19:13+00:00| seen| https://t.me/cibsecurity/40768 2026-01-27 11:00:00+00:00| seen| https://www.cisa.gov/news-events/ics-advisories/icsa-26-027-02...
Command execution vulnerability in phpyun backend (CNVD-2021-37948)
phpyun a talent recruitment system built with PHP and MySQL databases. A command execution vulnerability exists in the backend of phpyun, which can be exploited by attackers to gain control of the server...
Mitsubishi Electric MELFA (Update A)
1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: Mitsubishi Electric Equipment: MELFA FR Series, MELFA CR Series, MELFA ASSISTA Vulnerability: Uncontrolled Resource Consumption 2. UPDATE INFORMATION This updated advisory is a follow-up to the original...
CVE-2019-15932
Intesync Solismed 3.3sp has Incorrect Access Control...
Linear eMerge 50P/5000P File Upload Vulnerability
The Linear eMerge 50P/5000P is an access control security system managed through a browser from Nortek Security & Control. A file upload vulnerability exists in the Linear eMerge 50P/5000P. An attacker could use this vulnerability to upload a file with an arbitrary extension to a directory in the...
Windows Defender ATP has protections for USB and removable devices
Meet Jimmy. Jimmy is an employee in your company. He Does Things With Computers official title. Last Wednesday, as Jimmy got out of his car after parking in the company-owned parking lot, he saw something on the ground. That something is a 512GB USB flash drive! Jimmy picks up the drive, whistlin...
Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow
Exploit for windows platform in category remote exploits Aladdin Knowledge Systems Ltd. PrivAgent ActiveX Control Overflow // heap spray for IE7 //calc - 196 bytes var shellcode =...
Update Protection against Directory Traversal Vulnerability in IBM Tivoli Access Manager
A vulnerability was reported in IBM Tivoli Access Manager. IBM Tivoli Access Manager provides access control security solutions. The vulnerability can be exploited via a specially crafted filename containing '../..' sequences. An attacker may attempt to exploit this vulnerability to place files o...
Two Vulnerabilities in ViewCVS
--------------------------------------------------------------------------- Two Vulnerabilities in ViewCVS --------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2004 Location: Basque Country...
TOCTOU with NT System Service Hooking
TOCTOU Time-Of-Check-to-Time-Of-Use problem is known for a while 1. Nevertheless such bugs are still not uncommon. That is more or less acceptable for general software but not for security products. I believe there are drivers that hook kernel system services by well known technique 2,3,4. Those...
Windows Media Player 9 ActiveX control does not adequately validate access to Windows Media Library
Overview An ActiveX control included with Windows Media Player 9 does not adequately validate script access to the Windows Media Library. This could allow an attacker to read or modify data contained in the library. Description Windows Media Player 9 includes an ActiveX control that can be used t...
Buffer overflow in MSN Messanger
Buffer overflow on long font name in header and in OCX MSN Chat Control...
Доступ к защищенным файлам в AOLServer (unauthorized access)
Под Windows можно обойти защиту файлов паролем добавив к имени файла '.'...
Заткнут доступ к файлам в ColdFusion (unauthorized access)
Можно прочитать или удалить файлы, заменить содержимое файла нулями...
ssh-xauth.txt
The default SSH configuration for SSH1 and SSH2 allow for remote controlling of X sessions through X forwarding. All children of the SSH connection are able to tunnel X11 sessions through the X tunnel to the client X11 session. This is accomplished by running xauth upon logging in. If xauth is...
Security Update for Windows 2000 (KB979559)
A security issue has been identified that could allow an authenticated local attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...