389 matches found
CVE-2017-15210
In Kanboard before 1.0.47, by altering form data, an authenticated user can see thumbnails of pictures from a private project of another user...
CVE-2017-12851
An authenticated standard user could reset the password of the admin by altering form data. Affects kanboard before 1.0.46...
CVE-2017-12851
CVE-2017-12851 affects Kanboard prior to 1.0.46. An authenticated standard user could reset the administrator password by altering form data in the request, exposing a password‑reset vulnerability in the admin account. Remediation guidance found in public references suggests upgrading to a fixed ...
CVE-2017-6872
A vulnerability was discovered in Siemens OZW672 all versions and OZW772 all versions that could allow an attacker with access to port 21/tcp to access or alter historical measurement data stored on the device...
CVE-2017-6872
Siemens OZW672 and OZW772 devices (all versions) are affected by CVE-2017-6872, allowing an attacker with access to Port 21/TCP to read or alter historical measurement data due to missing authentication in the built‑in service. The vulnerability is documented with CVSSv3 base score 6.5 (vector AV...
OSIsoft PI Web API 2017
CVSS v3 7.1 ATTENTION: Remotely exploitable/low skill level to exploit. Vendor: OSIsoft Equipment: PI Web API 2017 Vulnerability: Cross-Site Request Forgery AFFECTED PRODUCTS OSIsoft reports that the vulnerability affects the following PI Web API products: PI Web API versions prior to 2017 1.9.0...
CVE-2017-2094
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors...
Authentication flaw
Cybozu Garoon 3.0.0 to 4.2.3 allows remote authenticated attackers to bypass access restriction in Workflow and the "MultiReport" function to alter or delete information via unspecified vectors...
Oracle PeopleSoft Enterprise CS Campus Community Remote Vulnerability
Oracle PeopleSoft is a set of enterprise human capital management solutions from Oracle that provides human capital management, financial management, supplier relationship management, etc. PeopleSoft Enterprise CS Campus Community is one of the campus management components. A security vulnerabili...
Toshiba FlashAir does not require authentication in "Internet pass-thru Mode"
Overview FlashAir by Toshiba Corporation is a SDHC memory card which provides "Internet pass-thru Mode", allowing devices to access the internet while connecting to FlashAir. When configured in "Internet pass-thru Mode", FlashAir acts both as a station and as an access point. When "Internet...
Vulnerabilities in the Debian GNU/Linux operating system that allow a malicious individual to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the linux-headers-2.6.18-5-all-sparc package of the Debian GNU/Linux operating system may lead to breaches of confidentiality, integrity, and accessibility of protected information...
The vulnerability of the HP System Management Homepage software allows a perpetrator to obtain confidential information or alter data.
The vulnerability of the HP System Management Homepage software relates to errors in the code. Exploiting this vulnerability can allow a malicious actor, operating remotely, to obtain confidential information or alter data...
Design/Logic Flaw
The API on Fisher-Price Smart Toy Bear devices allows remote attackers to obtain sensitive information or modify data by leveraging presence in an 802.11 network's coverage area and entering an account number...
The vulnerability of the Oracle E-Business Suite system’s automation functionality allows a perpetrator to alter data.
The vulnerability of the Oracle Applications Framework component of the Oracle E-Business Suite automation system is related to errors in the code. Exploiting this vulnerability can allow attackers to alter data...
Vulnerabilities of the Red Hat Enterprise Linux operating system, which allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The XFree86-font-utils-4.3.0 package in the Red Hat Enterprise Linux operating system has multiple vulnerabilities. Exploitation of these vulnerabilities may lead to violations of confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remote...
Vulnerabilities in the Debian GNU/Linux operating system that allow a remote attacker to compromise the confidentiality, integrity, and accessibility of protected information
The multiple vulnerabilities in the libqt3c102-psql package of the Debian GNU/Linux operating system may lead to violations of the confidentiality, integrity, and accessibility of protected information. These vulnerabilities can be exploited remotely...
JVN#20812625: Advance-Flow vulnerable to SQL injection
Advance-Flow provided by OSK Co., LTD contains an issue in processing input data, which may result in SQL injection. Impact A user may obtain or alter information on the database. Solution Do not use Advance-Flow The developer has stated that the support of Advance-Flow has been discontinued thus...
acmailer contains a cross-site request forgery vulnerability
Overview Several cgi programs in acmailer contain a cross-site request forgery vulnerability. Kazuki Hirota of Keio University Keiji Takeda Research Group reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact If a...
Ninja Blog 4.8 - Remote Information Disclosure Vulnerability
No description provided by source. Vendor: http://ninjadesigns.co.uk Versions: Ninja Blog 4.8 May also affect earlier versions Credit: Danny Moules Critical: Yes See PUSH 55 Advisory at http://www.push55.co.uk/index.php?s=ad&id=6 ---- Due to insufficient validation of client-side data, we can alt...
MosP kintai kanri vulnerable to authentication bypass
Overview MosP kintai kanri contains an authentication bypass vulnerability. MosP kintai kanri is an open source attendance management software. MosP kintai kanri contains an authentication bypass vulnerability. Masako Ohno reported this vulnerability to IPA. JPCERT/CC coordinated with the develop...