6 matches found
CVE-2024-7612
Insecure permissions in Ivanti EPMM before 12.1.0.4 allow a local authenticated attacker to modify sensitive application components...
CVE-2024-7612
Ivanti EPMM (Endpoint Manager Mobile, formerly MobileIron Core) prior to version 12.1.0.4 is affected by an insecure permissions issue that allows a locally authenticated attacker to modify sensitive application components and configuration files. Core impact is high, including potential read/wri...
CVE-2021-29394
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST...
Cross site request forgery (csrf)
Account Hijacking in /northstar/Admin/changePassword.jsp in Northstar Technologies Inc NorthStar Club Management 6.3 allows remote authenticated users to change the password of any targeted user accounts via lack of proper authorization in the user-controlled "userID" parameter of the HTTP POST...
CVE-2019-15373
The Symphony i95 Lite Android device with a build fingerprint of LAVA/iris88lite/iris88lite:8.1.0/O11019/1536323070:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device to...
Authorization
The Ulefone Armor 5 Android device with a build fingerprint of Ulefone/UlefoneArmor5/UlefoneArmor5:8.1.0/O11019/1528806701:user/release-keys contains a pre-installed app with a package name of com.mediatek.wfo.impl app versionCode=27, versionName=8.1.0 that allows any app co-located on the device...