Lucene search
K

79 matches found

Positive Technologies
Positive Technologies
added 2024/02/13 12:0 a.m.8 views

PT-2024-1621 · Unknown · Location Intelligence Sus Non-Prod +7

Name of the Vulnerable Software and Affected Versions: Location Intelligence Perpetual Large versions prior to V4.3 Location Intelligence Perpetual Medium versions prior to V4.3 Location Intelligence Perpetual Non-Prod versions prior to V4.3 Location Intelligence Perpetual Small versions prior to...

9.8CVSS7.7AI score0.00733EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2023/10/19 7:15 p.m.6 views

CVE-2023-45992

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...

9.6CVSS5.9AI score0.00586EPSS
Exploits1References6
Prion
Prion
added 2023/10/19 7:15 p.m.24 views

Cross site request forgery (csrf)

A vulnerability in the web-based interface of the RUCKUS Cloudpath product on version 5.12 build 5538 or before to could allow a remote, unauthenticated attacker to execute persistent XSS and CSRF attacks against a user of the admin management interface. A successful attack, combined with a certa...

6.8CVSS9.1AI score0.00586EPSS
Exploits1References5Affected Software1
SUSE CVE
SUSE CVE
added 2023/02/15 3:39 a.m.4 views

SUSE CVE-2021-36784

A Improper Privilege Management vulnerability in SUSE Rancher allows users with the restricted-admin role to escalate to full admin. This issue affects: SUSE Rancher Rancher versions prior to 2.5.13; Rancher versions prior to 2.6.4...

7.2CVSS7AI score0.00842EPSS
Exploits0References4
Cvelist
Cvelist
added 2022/12/14 12:0 a.m.29 views

CVE-2022-23741 Incorrect authorization in GitHub Enterprise Server token generation leading to full admin access

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a scoped user-to-server token to escalate to full admin/owner privileges. An attacker would require an account with admin access to install a malicious GitHub App. This vulnerability was fixed in...

7.2AI score0.01097EPSS
Exploits0References4
Prion
Prion
added 2022/11/29 4:15 a.m.20 views

Design/Logic Flaw

An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating allows him to perform multiple...

5.8CVSS8.7AI score0.00642EPSS
Exploits1References1Affected Software1
GithubExploit
GithubExploit
added 2022/10/16 4:2 p.m.338 views

Exploit for CVE-2021-44103

CVE-2021-44103 A proof of concept for KONGA 0.14.9 - Privilege...

6.7AI score
Exploits2
Huntr
Huntr
added 2022/02/25 6:35 a.m.15 views

Improper Authorization in User Management to Vertical Privilege Escalation

Description Pandora FMS v7.0NG.759 allows improper authorization in User Management where any authenticated user with access to the User Management module could create, modify, delete any user with full admin privilege. The impact could lead to vertical privilege escalation to access the privileg...

6.5CVSS1.8AI score0.00593EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2021/12/07 7:15 p.m.4 views

CVE-2021-40859

Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow attackers with access to the web based management application full administrative access to the device...

10CVSS7.5AI score0.71979EPSS
Exploits6References4
OSV
OSV
added 2021/07/16 4:15 p.m.5 views

CVE-2021-35961

Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission...

9.8CVSS5.8AI score0.02187EPSS
Exploits0References2
OSV
OSV
added 2020/12/26 2:15 a.m.9 views

CVE-2020-35575

A password-disclosure issue in the web interface on certain TP-Link devices allows a remote attacker to get full administrative access to the web panel. This affects WA901ND devices before 3.16.9201211 beta, and Archer C5, Archer C7, MR3420, MR6400, WA701ND, WA801ND, WDR3500, WDR3600, WE843N,...

9.8CVSS5.8AI score0.07643EPSS
Exploits3References4
OSV
OSV
added 2020/11/05 8:15 p.m.4 views

CVE-2020-5945

In BIG-IP versions 16.0.0-16.0.0.1, 15.1.0-15.1.0.5, and 14.1.0-14.1.2.7, undisclosed TMUI page contains a stored cross site scripting vulnerability XSS. The issue allows a minor privilege escalation for resource admin to escalate to full admin...

8.4CVSS6.8AI score0.01311EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2020/10/19 12:0 a.m.271 views

HiSilicon Video Encoders - Full admin access via backdoor password

!/usr/bin/env bash Exploit Title: HiSilicon video encoders - full admin access via backdoor password Date: 2020-09-20 Exploit Author: Alexei Kojenov Vendor Homepage: multiple vendors Software Link: N/A Version: vendor-specific Tested on: Linux CVE: CVE-2020-24215 Vendors: URayTech, J-Tech Digital...

9.8CVSS9.7AI score0.1976EPSS
Exploits3
The Hacker News
The Hacker News
added 2020/07/04 2:20 p.m.6 views

Critical RCE Flaw Affects F5 BIG-IP Application Security Servers

Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. The vulnerability, assigned...

10CVSS7.8AI score0.99999EPSS
Exploits60
Positive Technologies
Positive Technologies
added 2020/05/07 12:0 a.m.8 views

PT-2020-6502

Name of the Vulnerable Software and Affected Versions IBM Data Risk Manager versions 2.0.1 through 2.0.6 Description The issue is related to the implementation of SAML Security Assertion Markup Language technology in IBM Data Risk Manager, which is associated with deficiencies in the authenticati...

9.8CVSS9.6AI score0.70031EPSS
Exploits8References11
CVE
CVE
added 2019/04/25 8:2 p.m.50 views

CVE-2019-11489

CVE-2019-11489 affects SimplyBook.me Enterprise (older releases) where the Administrative Management Interface enforces incorrect access control. Affected: authenticated low-privilege users; vulnerability allows elevation to full admin rights via a crafted HTTP PUT to a /v2/rest/ endpoint with mo...

9CVSS8.3AI score0.02563EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2018/08/24 7:29 p.m.19 views

CVE-2018-15728

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...

9CVSS5.8AI score0.02918EPSS
Exploits3References3
Cvelist
Cvelist
added 2018/08/24 7:0 p.m.23 views

CVE-2018-15728

Couchbase Server exposed the '/diag/eval' endpoint which by default is available on TCP/8091 and/or TCP/18091. Authenticated users that have 'Full Admin' role assigned could send arbitrary Erlang code to the 'diag/eval' endpoint of the API and the code would subsequently be executed in the...

6.3AI score0.02918EPSS
Exploits3References3
securityvulns
securityvulns
added 2007/12/16 12:0 a.m.98 views

Hosting Controller - Multiple Security Bugs (Extremely Critical)

Title: Multiple Security Bugs In Hosting Controller Critical: Extremely critical Impact: Full system administrator access Vendor: Hosting Controller Version: 6.1 Hot fix = 3.3 Vendor URL: www.hostingcontroller.com Solution: N/A From company - There is temporary solution in this report Exploit:...

8.5AI score
Exploits0
Rows per page
Query Builder