24 matches found

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-5713

Malware in sbrugna...

5.7 CVSS, 5.8 AI score, 0.00079 EPSS
Exploits 0, References 2

RedhatCVE
added 2025/05/22 3:12 p.m., 5 views

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

5.7 CVSS, 6.9 AI score, 0.00079 EPSS
Exploits 0

NVD
added 2021/04/09 6:15 p.m., 8 views

CVE-2020-13532

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...

9.3 CVSS, 0.00052 EPSS
Exploits 1, References 1

Prion
added 2021/04/09 6:15 p.m., 11 views

Privilege escalation

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the Syncfusion Dashboard Service service binary can be replaced by attackers to escalate privileges to NT SYSTEM. An attacker can provide a malicious file to trigger this vulnerability...

7.2 CVSS, 7.8 AI score, 0.00052 EPSS
Exploits 1, References 1, Affected Software 1

Prion
added 2021/04/09 6:15 p.m., 13 views

Privilege escalation

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

6.8 CVSS, 7.7 AI score, 0.00217 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2021/04/09 5:50 p.m., 55 views

CVE-2020-13532

Dream Report 5 R20-2 is affected by CVE-2020-13532. Talos confirms a privilege-escalation via replacing the Syncfusion Dashboard Service binary when Dream Report is installed by default in C:\ODS with weak permissions, allowing an attacker to escalate to NT SYSTEM by providing a malicious file. R...

9.3 CVSS, 7.8 AI score, 0.00052 EPSS
Exploits 1, References 1, Affected Software 1

CVE
added 2021/04/09 5:50 p.m., 59 views

CVE-2020-13533

Dream Report 5 R20-2 is affected by a privilege escalation vulnerability linked to default weak permissions in the install directory and specific Run keys. The default C:\ODS permissions allow broad access, enabling an attacker to abuse Run keys ods_rtm_launch and ods_usc (mapping to RTM.exe and ...

9.3 CVSS, 7.8 AI score, 0.00039 EPSS
Exploits 1, References 1, Affected Software 1

Cvelist
added 2021/04/09 5:50 p.m., 6 views

CVE-2020-13533

A privilege escalation vulnerability exists in Dream Report 5 R20-2. In the default configuration, the following registry keys, which reference binaries with weak permissions, can be abused by attackers to effectively ‘backdoor’ the installation files and escalate privileges when a new user logs...

9.3 CVSS, 7.9 AI score, 0.00039 EPSS
Exploits 1, References 1

Cvelist
added 2021/04/09 5:50 p.m., 12 views

CVE-2020-13534

A privilege escalation vulnerability exists in Dream Report 5 R20-2. COM Class Identifiers CLSID, installed by Dream Report 5 20-2, reference LocalServer32 and InprocServer32 with weak privileges which can lead to privilege escalation when used. An attacker can provide a malicious file to trigger...

9.3 CVSS, 7.8 AI score, 0.00217 EPSS
Exploits 1, References 1

CNNVD
added 2021/04/08 12:0 a.m., 2 views

Ocean Data Systems Dream Report 5 R20-2 security vulnerability

Ocean Data Systems Dream Report 5 R20-2 is an application from the French company Ocean Data Systems. A real-time reporting and charting solution. A security vulnerability exists in Dream Report 5 R20-2, which can be triggered by an attacker providing a malicious file...

9.3 CVSS, 5.6 AI score, 0.00217 EPSS
Exploits 1, References 2

NVD
added 2021/02/09 6:15 a.m., 8 views

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

5.7 CVSS, 0.00079 EPSS
Exploits 0, References 1

Prion
added 2021/02/09 6:15 a.m., 12 views

Design/Logic Flaw

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

2.7 CVSS, 5.6 AI score, 0.00079 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/02/09 5:36 a.m., 11 views

CVE-2020-13462

Insecure Direct Object Reference IDOR exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. Fixed in version R20-2 GA...

5.6 AI score, 0.00079 EPSS
Exploits 0, References 1

OSV
added 2021/02/09 5:15 a.m., 1 views

CVE-2020-13460

Multiple Cross-Site Request Forgery CSRF vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA...

8.8 CVSS, 7.3 AI score, 0.00141 EPSS
Exploits 0, References 1

NVD
added 2021/02/09 5:15 a.m., 9 views

CVE-2020-13460

Multiple Cross-Site Request Forgery CSRF vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA...

8.8 CVSS, 0.00141 EPSS
Exploits 0, References 1

Prion
added 2021/02/09 5:15 a.m., 12 views

Cross site scripting

Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...

2.3 CVSS, 5.4 AI score, 0.00151 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2021/02/09 5:15 a.m., 12 views

Cross site scripting

Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...

2.3 CVSS, 5.4 AI score, 0.00151 EPSS
Exploits 0, References 1, Affected Software 1

Prion
added 2021/02/09 5:15 a.m., 8 views

Cross site scripting

Tufin SecureTrack R20-2 GA contains reflected + stored XSS as in, the value is reflected back to the user, but is also stored within the DB and can be later triggered again by the same victim, or also later by different users. Both stored, and reflected payloads are triggerable by admin, so...

2.3 CVSS, 5.4 AI score, 0.00151 EPSS
Exploits 0, References 1, Affected Software 1

CVE
added 2021/02/09 4:39 a.m., 57 views

CVE-2020-13460

CVE-2020-13460 affects Tufin SecureTrack and describes Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in all versions prior to R20-2 GA. The NVD metrics show CVSS v3.1 base score 8.8 (HIGH) with network attack vector, low attack complexity, no privileges, and user interaction required...

8.8 CVSS, 8.9 AI score, 0.00141 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2021/02/09 4:39 a.m., 11 views

CVE-2020-13460

Multiple Cross-Site Request Forgery CSRF vulnerabilities were present in Tufin SecureTrack, affecting all versions prior to R20-2 GA...

9.1 AI score, 0.00141 EPSS
Exploits 0, References 1