Lucene search
K

243 matches found

OSV
OSV
added 2021/07/16 5:15 p.m.6 views

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

9.8CVSS5.8AI score0.02002EPSS
Exploits0References3
Prion
Prion
added 2021/07/16 5:15 p.m.13 views

Authentication flaw

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

6.8CVSS9.1AI score0.02002EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2021/07/16 4:50 p.m.17 views

CVE-2020-4821

IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1, under certain configurations, could allow a user to bypass authentication mechanisms using an empty password string. IBM X-Force ID: 189834...

5.9CVSS9.2AI score0.02002EPSS
Exploits0References3
CVE
CVE
added 2021/07/16 4:50 p.m.35 views

CVE-2020-4821

This CVE-2020-4821 affects IBM InfoSphere Data Replication 11.4 and IBM InfoSphere Change Data Capture for z/OS 10.2.1. The vulnerability allows authentication bypass when configured to use LDAP with anonymous binding, via an empty password. IBM bulletins (Security Bulletin: IBM Data Replication ...

9.8CVSS9.2AI score0.02002EPSS
Exploits0References3Affected Software1
Hacker One
Hacker One
added 2021/07/03 5:36 p.m.18 views

Glassdoor: CSS injection via link tag whitelisted-domain bypass - https://www.glassdoor.com

Summary: It is possible load an arbitrary .css file. Bypassing the protections by adding the domain https://www.glassdoor.com in a parameter/path. Affected URL or select Asset from In-Scope: -...

0.4AI score
Exploits0
CNVD
CNVD
added 2021/07/01 12:0 a.m.9 views

IBM Datacap Taskmaster Capture SQL Injection Vulnerability

IBM Datacap Taskmaster Capture is a complete solution for document and data capture from IBM USA. Data and document images can be scanned, categorized, identified, validated, verified and exported quickly, accurately and cost-effectively. IBM Datacap Taskmaster Capture suffers from a SQL injectio...

8.8CVSS7.4AI score0.00968EPSS
Exploits0References1
Prion
Prion
added 2021/06/24 4:15 p.m.19 views

Sql injection

DHIS 2 is an information system for data capture, management, validation, analytics and visualization. A SQL injection security vulnerability has been found in specific versions of DHIS2. This vulnerability affects the /api/trackedEntityInstances API endpoint in DHIS2 versions 2.34.4, 2.35.2,...

6.5CVSS8.9AI score0.00769EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2021/04/13 9:15 p.m.6 views

CVE-2021-3473

An internal product security audit of Lenovo XClarity Controller XCC discovered that the XCC configuration backup/restore password may be written to an internal XCC log buffer if Lenovo XClarity Administrator LXCA is used to perform the backup/restore. The backup/restore password typically exists...

4.9CVSS6AI score0.00478EPSS
Exploits0References1
OSV
OSV
added 2021/03/09 5:15 p.m.5 views

CVE-2021-3417

An internal product security audit of LXCO, prior to version 1.2.2, discovered that credentials for Lenovo XClarity Administrator LXCA, if added as a Resource Manager, are encoded then written to an internal LXCO log file each time a session is established with LXCA. Affected logs are captured in...

4.9CVSS5.8AI score0.00542EPSS
Exploits0References1
OSV
OSV
added 2021/02/10 9:15 p.m.6 views

CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...

4.9CVSS5.8AI score0.00511EPSS
Exploits0References1
Cvelist
Cvelist
added 2021/02/10 9:5 p.m.37 views

CVE-2020-8355

An internal product security audit of Lenovo XClarity Administrator LXCA prior to version 3.1.0 discovered the Windows OS credentials provided by the LXCA user to perform driver updates of managed systems may be captured in the First Failure Data Capture FFDC service log if the service log is...

4.9CVSS5.2AI score0.00511EPSS
Exploits0References1
CNNVD
CNNVD
added 2021/02/09 12:0 a.m.7 views

Lenovo Lenovo XClarity Administrator Information Disclosure Vulnerability

Lenovo XClarity Administrator LXCA is a centralized resource management solution from Lenovo, China. The product provides agentless hardware management for servers, storage, network switches, and more. An information disclosure vulnerability exists in Lenovo XClarity Administrator, which stems fr...

4.9CVSS5.8AI score0.00511EPSS
Exploits0References2
Citrix
Citrix
added 2020/11/09 12:0 a.m.5 views

CTXReports

CTXReports Tool Version 1.0 Created Date: January 30, 2009 Updated Date: January 30, 2009 Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to...

7AI score
Exploits0
Hacker One
Hacker One
added 2020/10/21 1:47 p.m.72 views

Shopify: Bypass For #997350 your-store.myshopify.com preview link is leak on third party website Via Online Store

Hi Security Team, Description Full Description in 997350 The owner of that website can perform a security compromise by grabbing those links. Solution: The solution is very very SIMPLE. Just include the following HTML code in the following in code between tags of the html of the page: This will n...

0.1AI score
Exploits0
Fedora
Fedora
added 2020/04/25 2:43 a.m.54 views

[SECURITY] Fedora 30 Update: wireshark-3.2.3-1.fc30

Wireshark allows you to examine protocol data stored in files or as it is captured from wired or wireless WiFi or Bluetooth networks, USB devices, and many other sources. It supports dozens of protocol capture file formats and understands more than a thousand protocols. It has many powerful...

7.5CVSS7.7AI score0.03242EPSS
Exploits4
NVD
NVD
added 2020/01/06 8:15 p.m.25 views

CVE-2019-16273

DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge adb, leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the...

10CVSS9.7AI score0.02327EPSS
Exploits0References1
Prion
Prion
added 2020/01/06 8:15 p.m.20 views

Code injection

DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge adb, leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the...

10CVSS9.5AI score0.02327EPSS
Exploits0References1Affected Software2
CVE
CVE
added 2020/01/06 7:55 p.m.97 views

CVE-2019-16273

DTEN D5/D7 devices pre-1.3.4 are vulnerable to unauthenticated root shell access via Android Debug Bridge (ADB), enabling arbitrary code execution and system administration. The issue also enables a covert ability to capture Windows Zoom Client data by executing commands on the Android OS. Affect...

10CVSS9.6AI score0.02327EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/06 7:55 p.m.23 views

CVE-2019-16273

DTEN D5 and D7 before 1.3.4 devices allow unauthenticated root shell access through Android Debug Bridge adb, leading to arbitrary code execution and system administration. Also, this provides a covert ability to capture screen data from the Zoom Client on Windows by executing commands on the...

9.8AI score0.02327EPSS
Exploits0References1
Hacker One
Hacker One
added 2019/11/14 7:41 p.m.81 views

Stripo Inc: Clickjacking on my.stripo.email for MailChimp credentials

Clickjacking is a malicious hacking technique where attackers can acquire sensitive data. Through simple social engineering techniques these links can be sent out to unsuspecting customers to steal their credentials or perform actions on their accounts. For this example I saw that where I goto...

1AI score
Exploits0
Rows per page
Query Builder