15 matches found
EUVD-2005-2772
Malware in sbrugna...
EUVD-2020-26546
Malware in sbrugna...
Authentication Bypass
org.springframework.security, spring-security-aspects is vulnerable to an Authorization Bypass. The vulnerability is due to Spring Security Aspects not detecting method security annotations on private methods when @EnableMethodSecurity(mode=ASPECTJ) is used, allowing an attacker to invoke those...
CVE-2024-20282
A vulnerability in Cisco Nexus Dashboard could allow an authenticated, local attacker with valid rescue-user credentials to elevate privileges to root on an affected device. This vulnerability is due to insufficient protections for a sensitive access token. An attacker could exploit this...
CVE-2022-30320
Saia Burgess Controls SBC PCD through 2022-05-06 uses a Broken or Risky Cryptographic Algorithm. According to FSCT-2022-0063, there is a Saia Burgess Controls SBC PCD S-Bus weak credential hashing scheme issue. The affected components are characterized as: S-Bus 5050/UDP authentication. The...
PT-2024-30402 · Unknown · Masteriyo - Lms
Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.11.4 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for unauthorized access. The estimated number of potentially affected devices is n...
PT-2024-3821 · Cisco · Cisco Nexus Dashboard
Name of the Vulnerable Software and Affected Versions: Cisco Nexus Dashboard affected versions not specified Description: The issue is related to insufficient access control protections, which could allow an authenticated, local attacker with valid credentials to elevate privileges to root on an...
PT-2023-31081 · Unknown · Teachpress
Name of the Vulnerable Software and Affected Versions: teachPress versions n/a through 9.0.5 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the us...
PT-2023-28418 · Samsung · Samsung Account
Name of the Vulnerable Software and Affected Versions: Samsung Account versions prior to 14.5.00.7 Description: The issue concerns the use of implicit intent for sensitive communication in the startSignIn function of Samsung Account, allowing attackers to access arbitrary files with Samsung Accou...
PT-2023-27866 · Unknown · Buildfail Localize Remote Images
Name of the Vulnerable Software and Affected Versions: Buildfail Localize Remote Images plugin versions 1.0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended...
PT-2023-28035 · Giovambattista Fazioli · Wp Bannerize Pro
Name of the Vulnerable Software and Affected Versions: Giovambattista Fazioli WP Bannerize Pro plugin versions <= 1.6.9 Description: The issue is an Unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability. This means that an attacker can inject malicious scripts into a website without proper...
PT-2022-23716 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche version 6.3.2.3490 Description: This issue allows remote attackers to bypass authentication on affected installations. The specific flaw exists within the ProfileDaoImpl class. A crafted request can trigger execution of SQL...
CVE-2021-28164
In Eclipse Jetty 9.4.37.v20210219 to 9.4.38.v20210224, the default compliance mode allows requests with URIs that contain %2e or %2e%2e segments to access protected resources within the WEB-INF directory. For example a request to /context/%2e/WEB-INF/web.xml can retrieve the web.xml file. This ca...