3169 matches found
CVE-2024-0336 Improper Access Control in EMTA Grups PDKS
Missing Authentication for Critical Function vulnerability in EMTA Grup PDKS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects PDKS: from V3.04 before 20240603. NOTE: The vendor was contacted early about this disclosure but did not respond in any way...
CVE-2024-31281
Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.6...
CVE-2024-31281 WordPress Church Admin plugin <= 4.1.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in andymoyle Church Admin church-admin.This issue affects Church Admin: from n/a through = 4.1.6...
CVE-2024-31281
CVE-2024-31281 is a Missing Authorization vulnerability in the WordPress plugin Church Admin (church-admin) affecting versions up to 4.1.6. Public records consistently describe it as a broken access control vulnerability that allows exploitation due to incorrectly configured access control securi...
CVE-2023-33321
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...
CVE-2023-33321
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...
CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...
CVE-2023-33321
CVE-2023-33321 is a confirmed vulnerability in the WordPress plugin EventPrime (Metagauss) affecting versions
CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6...
CVE-2023-32259
CVE-2023-32259 concerns insufficient granularity of access control in OpenText SMAX and AMX. Affected products/versions: SMAX 2020.05–2022.11 and AMX 2021.08–2022.11. Root cause per sources: incorrectly configured access control security levels leading to improper access checks. Potential impact ...
CVE-2023-32259 Potential Insufficient Access Control vulnerability has been identified in OpenText™ SMAX/AMX products.
Insufficient Granularity of Access Control vulnerability in OpenText™ Service Management Automation X SMAX, OpenText™ Asset Management X AMX allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Service Management Automation X SMAX versions 2020.05, 2020.08,...
JIRA REST API /rest/api/2/user/viewissue/search doesn't respect Security Levels
h3. Issue Summary REST API - rest/api/2/user/viewissue/search Does not respect permissions, doing this REST API both on users who have browse permission and no permissions for a single ticket will result in both users still being able to view the issue. See this documentation for reference -...
CVE-2023-3033
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22...
Authorization
Incorrect Authorization vulnerability in Mobatime web application allows Privilege Escalation, Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Mobatime web application: through 06.7.22...
CVE-2023-3033
Mobatime web application is affected by CVE-2023-3033 due to incorrect authorization and misconfigured access control, enabling privilege escalation through versions up to 06.7.22. The product/component is Mobatime web app; root cause is broken/incorrect access control. Impact is privilege escala...
All Bachmann M1 System Processor Modules
1. EXECUTIVE SUMMARY CVSS v3 7.2 ATTENTION: Exploitable remotely/low attack complexity Vendor: Bachmann Electronic, GmbH Equipment: All M-Base Controllers Vulnerability: Use of Password Hash with Insufficient Computational Effort 2. REPOSTED INFORMATION This updated advisory is a follow-up to the...
CVE-2020-7278 McAfee firewall rules not enforced correctly
Exploiting incorrectly configured access control security levels vulnerability in ENS Firewall in McAfee Endpoint Security ENS for Windows prior to 10.7.0 April 2020 and 10.6.1 April 2020 updates allows remote attackers and local users to allow or block unauthorized traffic via pre-existing rules...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
Cross site scripting
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...
CVE-2019-9957
Stored XSS within Quadbase EspressReport ES ERES v7.0 update 7 allows remote attackers to execute malicious JavaScript and inject arbitrary source code into the target pages. The XSS payload is stored by creating a new user account, and setting the username to an XSS payload. The stored payload c...