15 matches found
AVideo 授权问题漏洞
AVideo is an open-source broadcast network creation tool developed by the World Wide Broadcast Network. Version 8.1 of AVideo contains an authorization vulnerability, which stems from cross-site request forgery attacks. This vulnerability could allow attackers to exploit the password recovery...
CVE-2021-31826
Shibboleth Service Provider 3.x before 3.2.2 is prone to a NULL pointer dereference flaw involving the session recovery feature. The flaw is exploitable for a daemon crash on systems not using this feature if a crafted cookie is supplied...
PT-2025-26224 · Allegra · Allegra
Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified Description: The issue concerns an authentication bypass vulnerability in the Allegra tool, allowing a remote attacker to bypass authentication on affected installations. This vulnerability is related t...
CVE-2023-44219
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature...
CVE-2023-44219
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature...
Privilege escalation
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature...
CVE-2023-44219
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature...
CVE-2023-44219
A local privilege escalation vulnerability in SonicWall Directory Services Connector Windows MSI client 4.1.21 and earlier versions allows a local low-privileged user to gain system privileges through running the recovery feature...
SonicWall Directory Services Connector Windows MSI Security Vulnerability
SonicWall Directory Services Connector Windows MSI is an application from SonicWall, Inc. A security vulnerability exists in the SonicWall Directory Services Connector Windows MSI client version 4.1.21 and earlier, which originates from a local elevation of privilege vulnerability that could allo...
PT-2023-5804 · Acronis · Acronis Cyber Protect Home Office
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Home Office Windows versions before build 40173 Description: The issue is related to local privilege escalation during recovery due to improper soft link handling. This could allow an attacker to elevate their privileges...
Huawei Duke-L09 Forensic Bypass Vulnerability
The Huawei Duke-L09 is a smartphone from the Chinese company Huawei Huawei. A forensic bypass vulnerability exists in the Huawei Duke-L09 "phone recovery" feature. The vulnerability is due to the device failing to reasonably implement the authentication feature. An attacker can exploit this...
Huawei Smart Phones Local Authentication Bypass Vulnerability
Huawei Nice is a smartphone from the Chinese company Huawei Huawei. A local authentication bypass vulnerability exists in Huawei Smart Phones. An attacker can flash or restore the phone to factory settings by following certain steps. Due to the lack of authentication in the "phone recovery"...
CVE-2014-8006
The Disaster Recovery DRA feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422...
CVE-2001-0081
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys...
CVE-1999-1524
FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote attacker to exploit a password recovery feature from the network and conduct brute force password guessing, instead of limiting the feature to the serial console port...