Lucene search
K

78 matches found

Prion
Prion
added 2023/09/04 3:15 a.m.20 views

Information disclosure

In cta, there is a possible information disclosure due to a missing permission check. This could lead to local information disclosure with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: ALPS07978550; Issue ID: ALPS07978550...

1.7CVSS5.1AI score0.00078EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/09/04 12:0 a.m.8 views

WordPress WordPress CTA Plugin <= 1.5.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software WordPress CTA Type Plugin Vulnerable versions = 1.5.8 Fixed in 1.5.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e01853618b33 Credits István Márton Require...

6AI score0.00113EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.9 views

WordPress KPIS CTA Buttons Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software KPIS CTA Buttons Type Plugin Vulnerable versions = 2.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 2cbe82135686 Credits Rafie Muhammad Patchstack Require...

6.2AI score0.00284EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/05/23 12:0 a.m.5 views

PT-2023-21676 · Unknown · Vk All In One Expansion Unit

Name of the Vulnerable Software and Affected Versions: VK All in One Expansion Unit versions 9.88.1.0 and earlier Description: A cross-site scripting issue in the CTA post function allows a remote authenticated attacker to inject an arbitrary script. Recommendations: For versions 9.88.1.0 and...

5.4CVSS8.8AI score0.00613EPSS
Exploits0References6
wpexploit
wpexploit
added 2023/02/03 12:0 a.m.113 views

VK All in One Expansion Unit < 9.86.0.0 - Contributor+ Stored XSS

The plugin does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. Setup: The CTA Expansion...

5.4CVSS5.6AI score0.0056EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2022/08/01 2:15 p.m.3 views

CVE-2022-26429

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID:...

7.8CVSS6.1AI score0.00091EPSS
Exploits0References2
NVD
NVD
added 2022/08/01 2:15 p.m.22 views

CVE-2022-26429

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID:...

7.8CVSS0.00091EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/08/01 1:57 p.m.30 views

CVE-2022-26429

In cta, there is a possible way to write permission usage records of an app due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07025415; Issue ID:...

8AI score0.00091EPSS
Exploits0References1
CVE
CVE
added 2022/08/01 1:57 p.m.61 views

CVE-2022-26429

CVE-2022-26429 concerns a missing permission check in the cta component, enabling an app to write permission usage records. This constitutes a local privilege escalation vulnerability with a LOCAL attack vector, LOW privileges required, and NO user interaction needed. The NVD entry cites a patch ...

7.8CVSS7.7AI score0.00091EPSS
Exploits0References1Affected Software1
myhack58
myhack58
added 2019/06/13 12:0 a.m.270 views

We can control you see the content: mainstream IPTV remote code execution vulnerability analysis-vulnerability warning-the black bar safety net

About a year ago, Check Point Research Team found that the Ukrainian TV streaming platform, there is a serious vulnerability, once exploited, could enable service providers face a serious risk. Specifically, an attacker can get the entire customer database of personal information and financial...

Exploits0
Openbugbounty
Openbugbounty
added 2017/10/05 4:33 p.m.18 views

cta-usa.org Open Redirect vulnerability

Vulnerable URL: http://cta-usa.org/redirect.php?link=https%3A%2F%2Fopenbugbounty.org Details: Description| Value ---|--- Patched:| No Latest check for patch:| 03.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| 6804757 VIP website status:| No...

6.9AI score
Exploits0
Drupal
Drupal
added 2016/03/02 12:0 a.m.18 views

Hubspot CTA - Moderately Critical - Cross Site Scripting (XSS) - SA-CONTRIB-2016-012 - Unsupported

This module enables you to embed a Hubspot CTA buttons widget in a Bean block. The module allows configuration of a CTA ID and Account ID while adding a bean block for a CTA button, but doesn't sufficiently sanitise these parameters, allowing a potential cross-site scripting attack. This...

6.5AI score
Exploits0References11
Prion
Prion
added 2014/04/17 1:55 a.m.17 views

Information disclosure

EMC Cloud Tiering Appliance CTA 9.x through 10 SP1 and File Management Appliance FMA 7.x store DES password hashes for the root, super, and admin accounts, which makes it easier for context-dependent attackers to obtain sensitive information via a brute-force attack...

4.7CVSS6.6AI score0.00317EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2014/04/17 1:0 a.m.42 views

CVE-2014-0645

EMC Cloud Tiering Appliance (CTA) versions 9.x–10 SP1 and Cloud Tiering Appliance (CTA) 10.x/10 SP1 Vulnerabilities: two issues are described. First, CVE-2014-0645: default root/super/admin passwords are DES-encrypted and stored, enabling context-dependent attackers to brute-force sensitive data ...

4.7CVSS6.2AI score0.00317EPSS
Exploits1References3Affected Software2
CVE
CVE
added 2014/04/17 1:0 a.m.55 views

CVE-2014-0644

The CVE-2014-0644 flaw affects EMC Cloud Tiering Appliance (CTA) 10 through SP1, with an unauthenticated XXE in the/ api/login flow that permits reading arbitrary files (e.g., /etc/shadow) with root privileges. Public references describe an unauthenticated XXE arbitrary file read, and multiple ad...

7.8CVSS6.8AI score0.53342EPSS
Exploits2References3Affected Software2
Metasploit
Metasploit
added 2014/04/02 8:5 p.m.32 views

EMC CTA v10.0 Unauthenticated XXE Arbitrary File Read

EMC CTA v10.0 is susceptible to an unauthenticated XXE attack that allows an attacker to read arbitrary files from the file system with the permissions of the root user. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework...

7.8CVSS0.8AI score0.53342EPSS
Exploits2
CVE
CVE
added 2007/06/12 9:0 p.m.57 views

CVE-2007-3184

Cisco Trust Agent (CTA) for Mac OS X prior to 2.1(104).0 is vulnerable to a local, unauthenticated attack with physical access: when the ACS prompts a user notification after posture validation, an attacker can interact with the Apple Menu to bypass authentication and access System Preferences wi...

7.2CVSS6AI score0.00628EPSS
Exploits1References9Affected Software1
NVD
NVD
added 2007/04/02 11:19 p.m.18 views

CVE-2007-1800

Cisco Secure ACS does not require authentication when Cisco Trust Agent CTA transmits posture information, which might allow remote attackers to gain network access via a spoofed Network Endpoint Assessment posture, aka "NACATTACK." NOTE: this attack might be limited to authenticated users and...

7.5CVSS6.9AI score0.01433EPSS
Exploits0References4
Rows per page
Query Builder