151 matches found
CVE-2024-0551
CVE-2024-0551 describes an access-control error that allows exporting the database and related data via the default user role for users with prior system access. The export mechanism uses a deterministic name, and the download is initiated by the UI before the export is deleted from the system, i...
PT-2024-15651 · Git +2 · Anything-Llm +1
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows exports of the database and associated exported information of the system via the default user role. An attacker would need to have been granted access to the system prior...
The vulnerability of the Vinchin Backup & Recovery software for backup and restoration operations, related to the use of default user accounts, allows a perpetrator to escalate their privileges.
The vulnerability of the Vinchin Backup & Recovery software for backup and restoration is related to the use of default user accounts. Exploiting this vulnerability could allow a malicious actor to gain increased privileges from a remote location...
CVE-2023-51982
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
PYSEC-2024-27
CrateDB 5.5.1 is contains an authentication bypass vulnerability in the Admin UI component. After configuring password authentication and Local In the case of an address, identity authentication can be bypassed by setting the X-Real IP request header to a specific value and accessing the Admin UI...
CrateDB Security Vulnerability
CrateDB is a distributed and scalable SQL database from CrateDB, Inc. A security vulnerability exists in CrateDB version 5.5.1, which stems from an authentication bypass vulnerability contained in the Admin UI component, which can be bypassed by setting the X-Real IP request header to a specific...
PT-2024-40900 · Crateio · Cratedb
Name of the Vulnerable Software and Affected Versions: CrateDB version 5.5.1 Description: The issue concerns an authentication bypass in the Admin UI component. It can be exploited by setting the X-Real-IP request header to a specific value, allowing access to the Admin UI using the default user...
PT-2023-30523 · Datahub · Datahub
Name of the Vulnerable Software and Affected Versions: DataHub versions prior to 0.12.1 Description: The issue concerns an open-source metadata platform where sign-up through an invite link does not properly restrict users from signing up as privileged accounts. If a user is given an email sign-u...
CVE-2023-3265
An authentication bypass exists on CyberPower PowerPanel Enterprise by failing to sanitize meta-characters from the username, allowing an attacker to login into the application with the default user "cyberpower" by appending a non-printable character.An unauthenticated attacker can leverage this...
Allhandsmarketing LMS 2.0 Cross Site Request Forgery
==================================================================================================================================== | Title : Allhandsmarketing LMS v2.0 CSRF Vulnerability | | Author : indoushka | | Tested on : windows 10 Français V.Pro / browser : Mozilla firefox 69.032-bit | |...
PT-2023-12427 · WordPress · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor plugin for WordPress versions up to, and including 4.1.9 pro and 2.0.6 free Description: The plugin is vulnerable to privilege escalation due to a registration form that allows users to choose the default role fo...
CVE-2023-0444
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privilege...
Privilege escalation
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privilege...
CVE-2023-0444
A privilege escalation vulnerability exists in Delta Electronics InfraSuite Device Master 00.00.02a. A default user 'User', which is in the 'Read Only User' group, can view the password of another default user 'Administrator', which is in the 'Administrator' group. This allows any lower privilege...
PT-2022-27786
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.10.4 authentik versions prior to 2022.11.4 Description The issue allows any authenticated user to create an arbitrary number of accounts through the default flows, which can circumvent policies where it is...
Design/Logic Flaw
authentik is an open-source identity provider. Versions prior to 2022.11.2 and 2022.10.2 are vulnerable to unauthorized user creation and potential account takeover. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that allows for email-verified...
PT-2022-27762
Name of the Vulnerable Software and Affected Versions authentik versions prior to 2022.11.2 authentik versions prior to 2022.10.2 Description authentik is an open-source identity provider. With the default flows, unauthenticated users can create new accounts in authentik. If a flow exists that...
CVE-2022-2052 TRUMPF TruTops default user accounts vulnerability
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system...
CVE-2022-2052 TRUMPF TruTops default user accounts vulnerability
Multiple Trumpf Products in multiple versions use default privileged Windows users and passwords. An adversary may use these accounts to remotely gain full access to the system...
CVE-2022-31484 User Account Deletion Unauthenticated
An unauthenticated attacker can send a specially crafted network packet to delete a user from the web interface. This vulnerability impacts products based on HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 which contain firmware versions prior to 1.29. The impact of...