Lucene search
+L

214 matches found

ptsecurity
ptsecurity
added 2023/04/11 12:0 a.m.5 views

PT-2023-19675 · Sap · Sap Netweaver As Java For Deploy Service

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver AS Java for Deploy Service version 7.5 Description: The issue allows an unauthenticated attacker to access server settings and data without modifying them, as the system does not perform access control checks for certain...

5.3CVSS5.2AI score0.00452EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/04/11 12:0 a.m.10 views

PT-2023-21943 · Sap · Sap Netweaver Enterprise Portal

Name of the Vulnerable Software and Affected Versions: SAP NetWeaver Enterprise Portal version 7.50 Description: An unauthenticated attacker can attach to an open interface and make use of an open API to access a service, enabling them to access or modify server settings and data. This leads to...

6.5CVSS6.5AI score0.00379EPSS
Exploits0References5
osv
osv
added 2023/03/29 7:15 p.m.6 views

CVE-2022-43631

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-1935 1.03 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the...

6.8CVSS6.1AI score0.01085EPSS
Exploits0References2
bdu_fstec
bdu_fstec
added 2023/03/22 12:0 a.m.7 views

The vulnerability of the SetVirtualServerSettings function in D-Link DIR-867 router microprogramming software allows a hacker to execute arbitrary commands in the device’s operating system under the identity of the root user.

The vulnerability of the SetVirtualServerSettings function in D-Link DIR-867 router microprogramming software is related to the possibility of executing commands. Exploiting this vulnerability allows a malicious actor to execute arbitrary commands on the device’s operating system under the identi...

10CVSS8.1AI score0.02524EPSS
Exploits0References6Affected Software1
huntr
huntr
added 2023/02/09 3:12 p.m.22 views

Stored XSS in server settings when upload branding

Description An attacker can upload an arbitrary file with a content type starting with image/ Proof of Concept POST /server/theme HTTP/1.1 Host: localhost:14142 Content-Length: 1077 Cache-Control: max-age=0 sec-ch-ua: "Chromium";v="89", ";Not A Brand";v="99" sec-ch-ua-mobile: ?0...

4.9CVSS6AI score0.00556EPSS
Exploits1
osv
osv
added 2023/01/31 12:15 a.m.4 views

CVE-2022-45897

On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings...

6.5CVSS5.8AI score0.00389EPSS
Exploits0References2
cnnvd
cnnvd
added 2023/01/31 12:0 a.m.3 views

Xerox WorkCentre 3550 安全漏洞

Xerox WorkCentre is a series of all-in-one printers from Xerox Corporation USA. A security vulnerability exists in the Xerox WorkCentre 3550 version 25.003.03.000, which originates from the fact that an authenticated attacker can view SMB server settings and can obtain plaintext credentials relat...

6.5CVSS6.5AI score0.00389EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2023/01/30 12:0 a.m.8 views

CVE-2022-45897

On Xerox WorkCentre 3550 25.003.03.000 devices, an authenticated attacker can view the SMB server settings and can obtain the stored cleartext credentials associated with those settings...

6.5AI score0.00389EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2023/01/30 12:0 a.m.7 views

PT-2023-14791 · Xerox · Xerox Workcentre 3550

Name of the Vulnerable Software and Affected Versions: Xerox WorkCentre 3550 version 25.003.03.000 Description: An authenticated attacker can view the SMB server settings and obtain the stored cleartext credentials associated with those settings. Recommendations: For Xerox WorkCentre 3550 version...

6.5CVSS6.3AI score0.00389EPSS
Exploits0References5
nvd
nvd
added 2023/01/20 3:15 p.m.23 views

CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...

4.9CVSS5.4AI score0.01013EPSS
Exploits1References3
osv
osv
added 2023/01/20 3:15 p.m.7 views

CVE-2022-43959

Insufficiently Protected Credentials in the AD/LDAP server settings in 1C-Bitrix Bitrix24 through 22.200.200 allow remote administrators to discover an AD/LDAP administrative password by reading the source code of /bitrix/admin/ldapserveredit.php...

4.9CVSS5.9AI score0.01013EPSS
Exploits1References3
nvd
nvd
added 2023/01/02 8:15 p.m.32 views

CVE-2023-22452

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

6.5CVSS6.5AI score0.00548EPSS
Exploits0References2
prion
prion
added 2023/01/02 8:15 p.m.12 views

Input validation

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

4CVSS6.5AI score0.00548EPSS
Exploits0References2Affected Software1
cve
cve
added 2023/01/02 7:17 p.m.98 views

CVE-2023-22452

CVE-2023-22452 affects the Discord bot kenny2automate . The vulnerability is in the web interface for server settings where input names embedded Discord channel IDs, with no validation to confirm the IDs belong to the target server before commit a947d7c. This enables an attacker who has access to...

6.5CVSS6.5AI score0.00548EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/01/02 7:17 p.m.31 views

CVE-2023-22452 Improper Input Validation in kenny2automate

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

6.5CVSS6.7AI score0.00548EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2023/01/02 7:17 p.m.7 views

CVE-2023-22452 Improper Input Validation in kenny2automate

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

6.5CVSS6.7AI score0.00548EPSS
Exploits0References2
osv
osv
added 2023/01/02 7:17 p.m.20 views

CVE-2023-22452 Improper Input Validation in kenny2automate

kenny2automate is a Discord bot. In the web interface for server settings, form elements were generated with Discord channel IDs as part of input names. Prior to commit a947d7c, no validation was performed to ensure that the channel IDs submitted actually belonged to the server being configured...

6.5CVSS6.5AI score0.00548EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2023/01/02 12:0 a.m.5 views

PT-2023-18508 · Unknown · Kenny2Automate

Name of the Vulnerable Software and Affected Versions: kenny2automate versions prior to commit a947d7c Description: The issue concerns a Discord bot where form elements in the web interface for server settings were generated with Discord channel IDs as part of input names. No validation was...

6.5CVSS6.4AI score0.00548EPSS
Exploits0References7
nvd
nvd
added 2022/11/25 4:15 p.m.22 views

CVE-2022-45039

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...

7.2CVSS0.01034EPSS
Exploits1References1
prion
prion
added 2022/11/25 4:15 p.m.17 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the Server Settings module of WBCE CMS v1.5.4 allows attackers to execute arbitrary code via a crafted PHP file...

5.8CVSS7.3AI score0.01034EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder