79 matches found
PT-2024-1621 · Unknown · Location Intelligence Sus Non-Prod +7
Name of the Vulnerable Software and Affected Versions: Location Intelligence Perpetual Large versions prior to V4.3 Location Intelligence Perpetual Medium versions prior to V4.3 Location Intelligence Perpetual Non-Prod versions prior to V4.3 Location Intelligence Perpetual Small versions prior to...
CVE-2023-45992
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...
Cross site request forgery (csrf)
A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...
SUSE CVE-2021-36784
A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...
CVE-2022-23741 Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...
Design/Logic Flaw
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...
Exploit for CVE-2021-44103
CVE-2021-44103 A proof of concept for KONGA 0.14.9 - Privilege...
Improper Authorization in User Management to Vertical Privilege Escalation
Description Pandora FMS v7.0NG.759 allows improper authorization in User Management where any authenticated user with access to the User Management module could create, modify, delete any user with full admin privilege. The impact could lead to vertical privilege escalation to access the privileg...
CVE-2021-40859
Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device...
CVE-2021-35961
Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission...
CVE-2020-35575
A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9201211 beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N,...
CVE-2020-5945
In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability XSS. The issue allows a minor privilege escalation for resource admin to escalate to full admin...
HiSilicon Video Encoders - Full admin access via backdoor password
!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...
Critical RCE Flaw Affects F5 BIG-IP Application Security Servers
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned...
PT-2020-6502
Name of the Vulnerable Software and Affected Versions IBM Data Risk Manager versions 2.0.1 through 2.0.6 Description The issue is related to the implementation of SAML Security Assertion Markup Language technology in IBM Data Risk Manager, which is associated with deficiencies in the authenticati...
CVE-2019-11489
CVE-2019-11489 affects SimplyBook.me Enterprise (older releases) where the Administrative Management Interface enforces incorrect access control. Affected: authenticated low-privilege users; vulnerability allows elevation to full admin rights via a crafted HTTP PUT to a /v2/rest/ endpoint with mo...
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...
CVE-2018-15728
Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...
Hosting Controller - Multiple Security Bugs (Extremely Critical)
Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix = 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary solution in this report Exploit:...