60 matches found
DataGear Security Breach
DataGear is an open source, free data visualization and analysis platform from DataGear, Inc. A security vulnerability exists in DataGear v5.0.0 and prior versions, which originates from the Data Viewing interface containing a SpEL expression injection...
CVE-2024-37759
DataGear v5.0.0 and earlier was discovered to contain a SpEL Spring Expression Language expression injection vulnerability via the Data Viewing interface...
Code injection
A privacy issue was addressed by not logging contents of text fields. This issue is fixed in macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4. An app may be able to view Mail data...
DEBIAN-CVE-2023-49344
Temporary data passed between application components by Budgie Extras Window Shuffler applet could potentially be viewed or manipulated. The data is stored in a location that is accessible to any user who has local access to the system. Attackers may pre-create and control this file to present...
Cross site scripting
A cross site scripting vulnerability was discovered in Rockwell Automation's ArmorStart ST product that could potentially allow a malicious user to view and modify sensitive data or make the web page unavailable. User interaction, such as a phishing attack, is required for successful exploitation...
Rockwell Automation ArmorStart ST 跨站脚本漏洞
Rockwell Automation ArmorStart ST is a simple and cost-effective solution for machine-side control architectures from Rockwell Automation. A cross-site scripting vulnerability exists in Rockwell Automation ArmorStart ST, which can be exploited by an attacker to view and modify sensitive data or...
CVE-2022-40615
IBM Sterling Partner Engagement Manager 6.1, 6.2, and 6.2.1 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 236208...
Simple Cold Storage Management System SQL注入漏洞
Simple Cold Storage Management System is a simple cold storage management system. A SQL injection vulnerability exists in Simple Cold Storage Management System. An attacker could use this vulnerability to view, add, modify, or delete information in a back-end database...
CVE-2022-20811
Multiple vulnerabilities in Cisco TelePresence Collaboration Endpoint CE Software and Cisco RoomOS Software could allow an attacker to conduct path traversal attacks, view sensitive data, or write arbitrary files on an affected device. For more information about these vulnerabilities, see the...
CVE-2022-39800
SAP BusinessObjects BI LaunchPad - versions 420, 430, is susceptible to script execution attack by an unauthenticated attacker due to improper sanitization of the user inputs while interacting on the network. On successful exploitation, an attacker can view or modify information causing a limited...
The vulnerability of the SAP NetWeaver Enterprise Portal software integration platform lies in the lack of security measures for the website structure, allowing attackers to view, add, modify, or delete data.
The vulnerability of the SAP NetWeaver Enterprise Portal software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely view, add, modify, or delete data...
The vulnerability of the SAP Enterprise Portal software integration platform lies in its lack of protection for website structures, allowing attackers to view, add, modify, or delete data.
The vulnerability of the SAP Enterprise Portal software integration platform is related to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to remotely view, add, modify, or delete data...
Design/Logic Flaw
Due to insecure session management, SAP Enable Now allows an unauthenticated attacker to gain access to user's account. On successful exploitation, an attacker can view or modify user data causing limited impact on confidentiality and integrity of the application...
GARO Wallbox GLB/GTB/GTC 访问控制错误漏洞
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in the GARO Wallbox GLB/GTB/GTC that stems from incorrect access control on the software web manager page. An attacker could use this vulnerability to view and modify...
CVE-2022-24742
CVE-2022-24742 affects Sylius open-source eCommerce platforms. Prior to versions 1.9.10, 1.10.11, and 1.11.2, an attacker could view data after logout if the browser tab remains open and the back button is used; the issue is fixed in those versions and later. The available workarounds involve enf...
CVE-2021-44676
Zoho ManageEngine Access Manager Plus before 4203 allows anyone to view a few data elements e.g., access control details and modify a few aspects of the application state...
PT-2021-24145 · Zoho · Zoho Manageengine Access Manager Plus
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Access Manager Plus versions prior to 4203 Description: The issue allows anyone to view certain data elements, such as access control details, and modify some aspects of the application state. Recommendations: For versions...
CVE-2021-32069
The AWV component of Mitel MiCollab before 9.3 could allow an attacker to perform a Man-In-the-Middle attack due to improper TLS negotiation. A successful exploit could allow an attacker to view and modify data...
Philips Vue PACS 安全漏洞
Philips Vue PACS is an image management solution from Philips Europe. A security vulnerability exists in Philips Vue PACS. The vulnerability allows an unauthorized person or process to eavesdrop, view or modify data, gain access to the system, execute code, install unauthorized software, or affec...
Philips Vue PACS 安全漏洞
Philips Vue PACS is an image management solution from Philips Europe. A security vulnerability exists in Philips Vue PACS. The vulnerability allows an unauthorized person or process to eavesdrop, view or modify data, gain access to the system, execute code, install unauthorized software, or affec...