2931 matches found
CVE-2023-26570 Missing Authentication In IDAttend’s IDWeb Application
Missing authentication in the StudentPopupDetailsTimetable method in IDAttend’s IDWeb application 3.1.052 and earlier allows extraction of sensitive student data by unauthenticated attackers...
CVE-2023-26570
CVE-2023-26570 affects IDAttend IDWeb, version 3.1.052 and earlier. Missing authentication in the StudentPopupDetails_Timetable method allows unauthenticated attackers to extract sensitive student data (confidentiality impact HIGH; CVSS 3.1 base 7.5). Remediation guidance across sources include...
PT-2023-21036 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue concerns missing authentication in the GetActiveToiletPasses method, allowing unauthenticated attackers to retrieve student information. Recommendations: For versions 3.1.0...
PT-2023-20736 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier Description: The issue is related to missing authentication in the StudentPopupDetails_Timetable method, allowing unauthenticated attackers to extract sensitive student data. Recommendations: For...
IDAttend IDWeb Access Control Error Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the SetStudentNotes method...
IDAttend IDWeb Access Control Error Vulnerability
IDAttend IDWeb is a web-based module from IDAttend, Inc. A security vulnerability exists in IDAttend IDWeb version 3.1.052 and prior versions, which stems from a lack of authentication in the StudentPopupDetailsContactDetails method...
PT-2023-20745 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application version 3.1.013 Description: The issue concerns missing authentication in the DeleteStaff method, allowing unauthenticated attackers to delete staff information. Recommendations: For version 3.1.013, ensure proper...
Schneider Electric IGSS
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: low attack complexity Vendor: Schneider Electric Equipment: IGSS Interactive Graphical SCADA System Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow...
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent lies in the lack of authentication procedures, which allow attackers to gain unauthorized access to protected information.
The vulnerability of backup and data recovery software on computers and servers with Acronis Agent stems from the lack of authentication procedures. Exploiting this vulnerability can allow attackers to gain unauthorized access to protected information...
Missing Authentication For Critical Function
github.com/cilium/cilium is vulnerable to Missing Authentication. The vulnerability is due to the ValidateCNP function in validator.go which lacks checks for a policy with any malicious or incorrectly match configurations, allowing an attacker to create policies that bypass namespace restrictions...
CVE-2023-36851
A Missing Authentication for Critical Function vulnerability in Juniper Networks Junos OS on SRX Series allows an unauthenticated, network-based attacker to cause limited impact to the file system integrity. With a specific request to webauthoperation.php that doesn't require authentication, an...
The vulnerability of the libspdm library, related to the absence of an authentication procedure that allows attackers to intercept user sessions
The vulnerability of the libspdm library is related to the absence of an authentication process. Exploiting this vulnerability allows a malicious actor to intercept a user’s session remotely...
Atos Unify OpenScape Code Execution / Missing Authentication
SEC Consult Vulnerability Lab Security Advisory title: Authenticated Remote Code Execution and Missing Authentication product: Atos Unify OpenScape Session Border Controller Atos Unify OpenScape Branch Atos Unify OpenScape BC...
Atos Unify OpenScape Code Execution / Missing Authentication Vulnerabilities
Atos Unify OpenScape Session Border Controller, Atos Unify OpenScape Branch, and Atos Unify OpenScape BCF suffer from remote code execution and missing authentication vulnerabilities. Atos OpenScape SBC versions before 10 R3.3.0, Branch version 10 versions before R3.3.0, and BCF version 10 versio...
CVE-2023-4516
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content...
Authentication flaw
A CWE-306: Missing Authentication for Critical Function vulnerability exists in the IGSS Update Service that could allow a local attacker to change update source, potentially leading to remote code execution when the attacker forces an update containing malicious content...