Lucene search
K

53 matches found

Mageia
Mageia
added 2021/01/04 2:42 p.m.58 views

Updated gdm packages fix a security vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2CVSS3.3AI score0.01109EPSS
Exploits1References3
OSV
OSV
added 2020/11/03 3:0 p.m.6 views

USN-4614-1 gdm3 vulnerability

Kevin Backhouse discovered that GDM incorrectly launched the initial setup tool when the accountsservice daemon was not reachable. A local attacker able to cause accountsservice to crash or stop responding could trick GDM into launching the initial setup tool and create a privileged user...

7.2CVSS7.3AI score0.01109EPSS
Exploits1References2
ICS
ICS
added 2019/10/10 12:0 p.m.68 views

Siemens Industrial Products Local Privilege Escalation Vulnerability (Update I)

1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable locally Vendor: Siemens Equipment: Industrial Products Vulnerability: Improper privilege management 2. UPDATE INFORMATION This updated advisory is a follow-up to the updated advisory titled ICSA-16-313-02 Siemens Industrial Products Local...

6.9CVSS7AI score0.00378EPSS
Exploits0References55
0day.today
0day.today
added 2018/07/26 12:0 a.m.44 views

Trivum Multiroom Setup Tool 8.76 - Cross-Site Request Forgery (Admin Bypass) Vulnerability

Exploit for hardware platform in category web applications Exploit Title: Trivum Multiroom Setup Tool 8.76 - Corss-Site Request Forgery Admin Bypass Date: 2018-07-25 Software Link: https://world.trivum-shop.de https://world.trivum-shop.de/ Version: 9.34 build 13381 - 12.07.18 Category: hardware,...

0.2AI score0.17871EPSS
Exploits5
Prion
Prion
added 2018/07/17 2:29 p.m.22 views

Authorization

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" a successful...

7.5CVSS9.5AI score0.17871EPSS
Exploits5References3Affected Software1
OSV
OSV
added 2018/07/17 2:29 p.m.7 views

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

7.5CVSS5.8AI score0.01405EPSS
Exploits0References2
Prion
Prion
added 2018/07/17 2:29 p.m.13 views

Design/Logic Flaw

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example...

10CVSS9.4AI score0.02274EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2018/07/17 2:29 p.m.20 views

CVE-2018-13858

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional allows unauthorized remote attackers to reboot or execute other functions via the "/xml/system/control.xml" URL, using the GET request "?action=reboot" for example...

10CVSS9.5AI score0.02274EPSS
Exploits0References1
NVD
NVD
added 2018/07/17 2:29 p.m.23 views

CVE-2018-13859

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18, allow unauthorized remote attackers to reset the authentication via the "/xml/system/setAttribute.xml" URL, using the GET request "?id=0&attr=protectAccess&newValue=0" a successful...

9.8CVSS9.5AI score0.17871EPSS
Exploits5References3
Prion
Prion
added 2018/07/17 2:29 p.m.21 views

Cross site request forgery (csrf)

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

5CVSS7.3AI score0.01405EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2018/07/17 2:29 p.m.22 views

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

7.5CVSS7.4AI score0.01405EPSS
Exploits0References2
Cvelist
Cvelist
added 2018/07/17 2:0 p.m.21 views

CVE-2018-13860

MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional before V9.34 build 13381 - 12.07.18 allows unauthorized remote attackers to obtain sensitive information via the "/xml/menu/getObjectEditor.xml" URL, using a "?oid=systemSetup&id=0" or "?oid=systemUsers&id=0" GET...

7.4AI score0.01405EPSS
Exploits0References2
CVE
CVE
added 2018/07/17 2:0 p.m.36 views

CVE-2018-13860

CVE-2018-13860 affects MusicCenter / Trivum Multiroom Setup Tool V8.76 – SNR 8604.26 and C4 Professional before V9.34 build 13381. The vulnerability allows unauthorized remote attackers to obtain sensitive information via the /xml/menu/getObjectEditor.xml endpoint using GET requests like ?oid=sys...

7.5CVSS7.3AI score0.01405EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2018/07/17 2:0 p.m.54 views

CVE-2018-13859

CVE-2018-13859 affects MusicCenter / Trivum Multiroom Setup Tool V8.76 (SNR 8604.26) and C4 Professional prior to V9.34 build 13381. The root cause is an unauthorized reset of authentication via the GET endpoint /xml/system/setAttribute.xml with id=0&attr=protectAccess&newValue=0, allowing attack...

9.8CVSS9.5AI score0.17871EPSS
Exploits5References3Affected Software1
CVE
CVE
added 2018/07/17 2:0 p.m.37 views

CVE-2018-13858

The CVE-2018-13858 vulnerability affects MusicCenter / Trivum Multiroom Setup Tool V8.76 - SNR 8604.26 - C4 Professional. It allows unauthorized remote attackers to reboot or execute other functions via the /xml/system/control.xml URL, using a GET request like ?action=reboot. The NVD entry lists ...

10CVSS9.4AI score0.02274EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2018/06/26 2:29 p.m.6 views

CVE-2018-0563

Untrusted search path vulnerability in the installer of FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.13.0 and earlier versions and FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.13.0 and earlier versions allows an attacker to gain privileges via a Trojan horse DLL in an unspecifi...

7.8CVSS5.8AI score0.01052EPSS
Exploits0References3
OSV
OSV
added 2018/01/26 4:29 p.m.6 views

CVE-2018-0507

Untrusted search path vulnerability in FLET'S VIRUS CLEAR Easy Setup & Application Tool ver.11 and earlier versions, FLET'S VIRUS CLEAR v6 Easy Setup & Application Tool ver.11 and earlier versions allow an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.8CVSS5.8AI score0.00912EPSS
Exploits0References1
Prion
Prion
added 2017/11/02 3:29 p.m.10 views

Design/Logic Flaw

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

6.8CVSS7.7AI score0.00911EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2017/11/02 3:29 p.m.11 views

CVE-2017-10825

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.8CVSS7.7AI score0.00911EPSS
Exploits0References2
OSV
OSV
added 2017/11/02 3:29 p.m.7 views

CVE-2017-10825

Untrusted search path vulnerability in Installer of Flets Easy Setup Tool Ver1.2.0 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory...

7.8CVSS5.8AI score0.00911EPSS
Exploits0References2
Rows per page
Query Builder