213 matches found
CVE-2024-32939 Email addresses of remote users visible in props regardless of server settings
Mattermost versions 9.9.x = 9.9.1, 9.5.x = 9.5.7, 9.10.x = 9.10.0, 9.8.x = 9.8.2, when shared channels are enabled, fail to redact remote users' original email addresses stored in user props when email addresses are otherwise configured not to be visible in the local server."...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
CVE-2024-5143
The CVE-2024-5143 entry describes a vulnerability in HP LaserJet Pro printers where a user with device administrative privileges can modify SMTP server settings without re‑entering credentials. This can redirect send‑to‑email traffic to an attacker‑controlled SMTP server and potentially expose th...
CVE-2024-5143
A user with device administrative privileges can change existing SMTP server settings on the device, without having to re-enter SMTP server credentials. By redirecting send-to-email traffic to the new server, the original SMTP server credentials may potentially be exposed...
PT-2024-4026
Name of the Vulnerable Software and Affected Versions: HP Color LaserJet MFP M478-M479 series affected versions not specified Description: The issue is related to a weakness in the authentication procedure of the HP Color LaserJet MFP M478-M479 series, which can potentially expose protected SMTP...
Hp LaserJet Pro Printer 安全漏洞
The HP Hp LaserJet Pro Printer is a laser printer from Hewlett-Packard HP in the United States. A security vulnerability exists in the Hp LaserJet Pro Printer that originates from a user with device administrative privileges being able to change the existing SMTP server settings on the device...
Unable to change ciphers or SSL parameters on SSL Bridge virtual server.
No option is available to change ciphers or SSL parameters on SSLBRIDGE type virtual server...
BIT-POSTGRESQL-2021-3677
A flaw was found in postgresql. A purpose-crafted query can read arbitrary bytes of server memory. In the default configuration, any authenticated database user can complete this attack at will. The attack does not require the ability to create objects. If server settings include...
CVE-2023-51070
An access control issue in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server...
CVE-2023-51070
An access control issue in QStar Archive Solutions Release RELEASE3-0 Build 7 Patch 0 allows unauthenticated attackers to arbitrarily adjust sensitive SMB settings on the QStar Server...
CVE-2023-52077
CVE-2023-52077 concerns Nexkey, a Misskey v12 fork. Before 12.23Q4.5, external apps using administrator/moderator-issued tokens could call admin APIs, enabling operations like updating server settings and risking object storage and email credentials. The issue is patched in 12.23Q4.5. No exploita...
CVE-2023-52077 External apps using tokens issued by administrators and moderators can call admin APIs
Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. Prior to 12.23Q4.5, Nexkey allows external apps using tokens issued by administrators and moderators to call admin APIs. This allows malicious third-party apps to perform operations such as updating server...
PT-2023-31912 · Nexkey · Nexkey
Name of the Vulnerable Software and Affected Versions: Nexkey versions prior to 12.23Q4.5 Description: Nexkey, a lightweight fork of Misskey v12 optimized for small to medium size servers, allows external apps using tokens issued by administrators and moderators to call admin APIs. This enables...
Umbraco Information Disclosure Vulnerability
Umbraco is an open source Content Management System CMS written in C by Umbraco, Denmark. Umbraco suffers from an information disclosure vulnerability that stems from a user enumeration attack that can occur when SMTP settings are incorrect but reset passwords are enabled...
CVE-2023-41372
The vulnerability allows an unprivileged untrusted third- party application to arbitrary modify the server settings of the Android Client application, inducing it to connect to an attacker - controlled malicious server.This is possible by forging a valid broadcast intent encrypted with a hardcode...
PT-2023-27933 · Google · Android Client
Name of the Vulnerable Software and Affected Versions: Android Client application affected versions not specified Description: The issue allows an unprivileged third-party application to arbitrarily modify the server settings of the Android Client application, causing it to connect to a malicious...
Bosch ctrlX HMI Web Panel WR21 Trust Management Issue Vulnerability
Bosch ctrlX HMI Web Panel WR21 is an HMI panel from Bosch Germany. A security vulnerability exists in Bosch ctrlX HMI Web Panel WR21 that originates from allowing an unprivileged attacker to modify the server settings of the Android Agent application, thereby inducing it to connect to a malicious...
CVE-2023-4668
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins present and active, active theme,...
Code injection
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins present and active, active theme,...
CVE-2023-4668 Ad Inserter <= 2.7.30 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe
The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including installed plugins present and active, active theme,...