19 matches found
EUVD-2024-39581
Malicious code in bioql PyPI...
CVE-2024-42376
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application...
Microsoft SQL Server NTLM Stealer
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft SQL Server NTLM Stealer', 'Description' = %q This module can be used to help capture or relay the LM/NTLM credentials of the account...
CVE-2024-42377
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...
CVE-2024-42377
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...
CVE-2024-42376
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application...
CVE-2024-42376
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application...
CVE-2024-42377
CVE-2024-42377 concerns the SAP Shared Service Framework. The connected documents describe that an authenticated non-administrative user can call a remote-enabled function, enabling insertion of value entries into a non-sensitive table and resulting in low integrity impact to the application. The...
CVE-2024-42377 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
SAP shared service framework allows an authenticated non-administrative user to call a remote-enabled function, which will allow them to insert value entries into a non-sensitive table, causing low impact on integrity of the application...
CVE-2024-42376 Multiple Missing Authorization Check vulnerabilities in SAP Shared Service Framework
SAP Shared Service Framework does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. On successful exploitation, an attacker can cause a high impact on confidentiality of the application...
CVE-2024-42376
The CVE concerns SAP Shared Service Framework with a missing authorization check for an authenticated user, enabling privilege escalation. Affected software is SAP Shared Service Framework; the underlying cause is an authorization check omission, leading to high confidentiality impact if exploite...
SAP Shared Service Framework Security Vulnerability
SAP Shared Service Framework is an integration platform from SAP, Germany, designed to support the operation and management of shared services within an organization. A security vulnerability exists in SAP Shared Service Framework that stems from not performing the required authorization checks o...
PT-2024-6127
Name of the Vulnerable Software and Affected Versions: SAP Shared Service Framework affected versions not specified Description: The issue is related to the SAP Shared Service Framework, which does not perform necessary authorization checks for authenticated users. This results in an escalation of...
PT-2024-6828 · Sap · Sap Shared Service Framework
Name of the Vulnerable Software and Affected Versions: SAP Shared Service Framework affected versions not specified Description: The issue is related to insufficient authorization procedures in the SAP Shared Service Framework, allowing a remote attacker to elevate their privileges. An...
CVE-2024-6121
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service...
CVE-2024-6121
CVE-2024-6121 involves NI SystemLink Server shipping an outdated Redis version (affecting NI SystemLink Server 2024 Q1 and earlier; NI FlexLogger 2023 Q2 and earlier). Connected sources confirm CVE-2022-24834 and other Redis flaws; the security issue arises from Lua scripting in Redis, leading to...
CVE-2024-6121 NI SystemLink Server Ships Out of Date Redis Version
An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service...
FreeBSD : RT -- two XSS vulnerabilities (83b38a2c-413e-11e5-bfcf-6805ca0b3d42)
Best Practical reports: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above a...
RT -- two XSS vulnerabilities
Best Practical reports: RT 4.0.0 and above are vulnerable to a cross-site scripting (XSS) attack via the user and group rights management pages. This vulnerability is assigned CVE-2015-5475. It was discovered and reported by Marcin Kopec at Data Reliance Shared Service Center. RT 4.2.0 and above ar...