Lucene search
K

389 matches found

Debian CVE
Debian CVE
added 2017/10/10 5:0 a.m.36 views

CVE-2017-15210

In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...

4.3CVSS2.8AI score0.01076EPSS
Exploits0
OSV
OSV
added 2017/08/14 8:29 p.m.19 views

CVE-2017-12851

An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46...

8.8CVSS6.8AI score
Exploits0References2
CVE
CVE
added 2017/08/14 8:0 p.m.61 views

CVE-2017-12851

CVE-2017-12851 affects Kanboard prior to 1.0.46. An authenticated standard user could reset the administrator password by altering form data in the request, exposing a password‑reset vulnerability in the admin account. Remediation guidance found in public references suggests upgrading to a fixed ...

8.8CVSS8.6AI score0.0133EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2017/08/08 12:0 a.m.21 views

CVE-2017-6872

A vulnerability was discovered in Siemens OZW672 all versions and OZW772 all versions that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device...

6.4AI score0.00761EPSS
Exploits0References2
CVE
CVE
added 2017/08/08 12:0 a.m.48 views

CVE-2017-6872

Siemens OZW672 and OZW772 devices (all versions) are affected by CVE-2017-6872, allowing an attacker with access to Port 21/TCP to read or alter historical measurement data due to missing authentication in the built‑in service. The vulnerability is documented with CVSSv3 base score 6.5 (vector AV...

6.5CVSS6.3AI score0.00761EPSS
Exploits0References2Affected Software1
ICS
ICS
added 2017/06/13 12:0 a.m.46 views

OSIsoft PI Web API 2017

CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Web API 2017 Vulnerability: Cross-Site Request Forgery AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI Web API products: PI Web API versions prior to 2017 1.9.0...

8.8CVSS9.3AI score0.00826EPSS
Exploits0References3
OSV
OSV
added 2017/04/28 4:59 p.m.4 views

CVE-2017-2094

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors...

4.3CVSS5.8AI score
Exploits0References3
Prion
Prion
added 2017/04/28 4:59 p.m.18 views

Authentication flaw

Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors...

4CVSS4.6AI score0.01056EPSS
Exploits0References3Affected Software1
CNVD
CNVD
added 2017/04/19 12:0 a.m.3 views

Oracle PeopleSoft Enterprise CS Campus Community Remote Vulnerability

Oracle PeopleSoft is a set of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise CS Campus Community is one of the campus management components. A security vulnerabili...

6.5CVSS6.8AI score0.01683EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/10/12 1:3 a.m.6 views

Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"

Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...

5.4CVSS7.3AI score0.00711EPSS
Exploits0References5
BDU FSTEC
BDU FSTEC
added 2016/07/06 12:0 a.m.6 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the linux-headers-2.6.18-5-all-sparc package of the Debian GNU/Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information...

7.2CVSS5.5AI score0.0082EPSS
Exploits2References9Affected Software1
BDU FSTEC
BDU FSTEC
added 2016/03/31 12:0 a.m.7 views

The vulnerability of the HP System Management Homepage software allows a perpetrator to obtain confidential information or alter data.

The vulnerability of the HP System Management Homepage software relates to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information or alter data...

5.5CVSS7.5AI score0.01956EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2016/02/04 11:59 a.m.18 views

Design/Logic Flaw

The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number...

6.5CVSS6.8AI score0.02289EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2015/11/05 12:0 a.m.6 views

The vulnerability of the Oracle E-Business Suite system’s automation functionality allows a perpetrator to alter data.

The vulnerability of the Oracle Applications Framework component of the Oracle E-Business Suite automation system is related to errors in the code. Exploiting this vulnerability can allow attackers to alter data...

4CVSS7.2AI score0.01318EPSS
Exploits0References3Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.5 views

Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The XFree86-font-utils-4.3.0 package in the Red Hat Enterprise Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remote...

10CVSS7.7AI score0.03566EPSS
Exploits1References6Affected Software1
BDU FSTEC
BDU FSTEC
added 2015/04/28 12:0 a.m.8 views

Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information

The multiple vulnerabilities in the libqt3c102-psql package of the Debian GNU/Linux operating system may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...

7.5CVSS5.4AI score0.04203EPSS
Exploits0References5Affected Software1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/08/19 12:0 a.m.38 views

JVN#20812625: Advance-Flow vulnerable to SQL injection

Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Impact A user may obtain or alter information on the database. Solution Do not use Advance-Flow The developer has stated that the support of Advance-Flow has been discontinued thus...

7.5CVSS6.8AI score0.01164EPSS
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2014/07/29 5:15 a.m.4 views

acmailer contains a cross-site request forgery vulnerability

Overview Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a...

6.8CVSS6.6AI score0.00924EPSS
Exploits1References5
seebug.org
seebug.org
added 2014/07/01 12:0 a.m.15 views

Ninja Blog 4.8 - Remote Information Disclosure Vulnerability

No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alt...

7.1AI score
Exploits0
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2012/11/02 5:18 a.m.4 views

MosP kintai kanri vulnerable to authentication bypass

Overview MosP kintai kanri contains an authentication bypass vulnerability. MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...

6.5CVSS6.8AI score0.01139EPSS
Exploits0References5
Rows per page
Query Builder