214 matches found
PT-2023-19675 · Sap · Sap Netweaver As Java For Deploy Service
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java for Deploy Service version 7.5 Description: The issue allows an unauthenticated attacker to access server settings and data without modifying them, as the system does not perform access control checks for certain...
PT-2023-21943 · Sap · Sap Netweaver Enterprise Portal
Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal version 7.50 Description: An unauthenticated attacker can attach to an open interface and make use of an open API to access a service, enabling them to access or modify server settings and data. This leads to...
CVE-2022-43631
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...
The vulnerability of the SetVirtualServerSettings function in D-Link DIR-867 router microprogramming software allows a hacker to execute arbitrary commands in the device’s operating system under the identity of the root user.
The vulnerability of the SetVirtualServerSettings function in D-Link DIR-867 router microprogramming software is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the device’s operating system under the identi...
Stored XSS in server settings when upload branding
Description An attacker can upload an arbitrary file with a content type starting with image/ Proof of Concept POST /server/theme HTTP/1.1 Host: localhost:14142 Content-Length: 1077 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0...
CVE-2022-45897
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings...
Xerox WorkCentre 3550 安全漏洞
Xerox WorkCentre is a series of all-in-one printers from Xerox Corporation USA. A security vulnerability exists in the Xerox WorkCentre 3550 version 25.003.03.000, which originates from the fact that an authenticated attacker can view SMB server settings and can obtain plaintext credentials relat...
CVE-2022-45897
On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings...
PT-2023-14791 · Xerox · Xerox Workcentre 3550
Name of the Vulnerable Software and Affected Versions: Xerox WorkCentre 3550 version 25.003.03.000 Description: An authenticated attacker can view the SMB server settings and obtain the stored cleartext credentials associated with those settings. Recommendations: For Xerox WorkCentre 3550 version...
CVE-2022-43959
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...
CVE-2022-43959
Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...
CVE-2023-22452
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
Input validation
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
CVE-2023-22452
CVE-2023-22452 affects the Discord bot kenny2automate . The vulnerability is in the web interface for server settings where input names embedded Discord channel IDs, with no validation to confirm the IDs belong to the target server before commit a947d7c. This enables an attacker who has access to...
CVE-2023-22452 Improper Input Validation in kenny2automate
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
CVE-2023-22452 Improper Input Validation in kenny2automate
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
CVE-2023-22452 Improper Input Validation in kenny2automate
kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...
PT-2023-18508 · Unknown · Kenny2Automate
Name of the Vulnerable Software and Affected Versions: kenny2automate versions prior to commit a947d7c Description: The issue concerns a Discord bot where form elements in the web interface for server settings were generated with Discord channel IDs as part of input names. No validation was...
CVE-2022-45039
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...
Design/Logic Flaw
An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...