447 matches found

Cvelist
added 2024/04/03 4:22 p.m. | 15 views

CVE-2024-20332

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...

CVSS 5.5 | AI score 5.8 | EPSS 0.00369
Exploits: 0 | References: 1

Vulnrichment
added 2024/04/03 4:22 p.m. | 13 views

CVE-2024-20332

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a server-side request forgery (SSRF) attack through an affected device. This vulnerability is due to improper input validation for specific HTTP...

CVSS 5.5 | AI score 7 | EPSS 0.00369
Exploits: 0 | References: 1

Positive Technologies
added 2024/04/03 12:0 a.m. | 4 views

PT-2024-3822 · Cisco · Cisco Identity Services Engine

Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine ISE affected versions not specified Description: The issue is related to improper input validation for specific HTTP requests in the web-based management interface, allowing an authenticated, remote attacker to...

CVSS 5.5 | AI score 7.1 | EPSS 0.00369
Exploits: 0 | References: 4

Exploit DB
added 2024/03/25 12:0 a.m. | 358 views

LimeSurvey Community 5.3.32 - Stored XSS

Exploit Title: Stored Cross-Site Scripting XSS in LimeSurvey Community Edition Version 5.3.32+220817 Exploit Author: Subhankar Singh Date: 2024-02-03 Vendor: LimeSurvey Software Link: https://community.limesurvey.org/releases/ Version: LimeSurvey Community Edition Version 5.3.32+220817 Tested on:...

CVSS 6.1 | AI score 6.6 | EPSS 0.00677
Exploits: 4

OSV
added 2024/03/06 11:1 a.m. | 16 views

BIT-PHPLIST-2023-27576

An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super admin, allowing one to perform an account takeover of the user with super-admin permission. Specifically, for a request with updatepassword=1, a modified...

CVSS 6.7 | AI score 6.6 | EPSS 0.00343
Exploits: 1 | References: 3

Exploit DB
added 2024/02/27 12:0 a.m. | 311 views

Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin

Exploit Title: Automatic-Systems SOC FL9600 FastLine - The device contains hardcoded login and password for super admin Google Dork: Date: 12/9/2023 Exploit Author: Mike Jankowski-Lorek, Marcin Kozlowski / Cqure Vendor Homepage: http://automatic-systems.com Software Link: Version: V06 Tested on:...

CVSS 7.5 | AI score 7.6 | EPSS 0.00892
Exploits: 4

Prion
added 2024/02/15 2:15 p.m. | 23 views

Privilege escalation

An improper privilege management vulnerability (CWE-269) in Fortinet FortiClientEMS version 7.2.0 through 7.2.2 and before 7.0.10 allows a Site administrator with Super Admin privileges to perform global administrative operations affecting other sites via crafted HTTP or HTTPS requests...

CVSS 5.8 | AI score 7.3 | EPSS 0.00823
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2024/02/08 12:0 a.m. | 5 views

PT-2024-1746 · Fortinet · Forticlientems

Name of the Vulnerable Software and Affected Versions: Fortinet FortiClientEMS versions 7.2.0 through 7.2.2 Fortinet FortiClientEMS versions before 7.0.10 Description: The issue is related to improper privilege management, allowing a Site administrator with Super Admin privileges to perform globa...

CVSS 9 | AI score 7.3 | EPSS 0.00823
Exploits: 0 | References: 8

OSV
added 2024/01/03 1:15 p.m. | 3 views

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

CVSS 7.5 | AI score 5.9 | EPSS 0.00892
Exploits: 4 | References: 4

Positive Technologies
added 2024/01/03 12:0 a.m. | 3 views

PT-2024-12647 · Automatic Systems · Automatic Systems Soc Fl9600

Name of the Vulnerable Software and Affected Versions: Automatic Systems SOC FL9600 FirstLane version V06 lego T04E00 Automatic Systems SOC FL9600 FastLine version v.legoT04E00 Description: An issue in Automatic Systems SOC FL9600 allows a remote attacker to obtain sensitive information because...

CVSS 7.5 | AI score 7.1 | EPSS 0.00892
Exploits: 4 | References: 12

Vulnrichment
added 2024/01/03 12:0 a.m. | 5 views

CVE-2023-37608

An issue in Automatic Systems SOC FL9600 FirstLane V06 legoT04E00 allows a remote attacker to obtain sensitive information because there is an automaticsystems super admin account with astech as its hardcoded password...

AI score 7.3 | EPSS 0.00892
Exploits: 4 | References: 2

NVD
added 2023/12/12 1:15 a.m. | 10 views

CVE-2023-36651

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...

CVSS 7.2 | EPSS 0.00996
Exploits: 1 | References: 1

ATTACKERKB
added 2023/12/12 1:15 a.m. | 6 views

CVE-2023-36651

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...

CVSS 7.2 | AI score 7.2 | EPSS 0.00996
Exploits: 1 | References: 2

OSV
added 2023/12/12 1:15 a.m. | 5 views

CVE-2023-36651

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...

CVSS 7.2 | AI score 5.8 | EPSS 0.00996
Exploits: 1 | References: 1

Prion
added 2023/12/12 1:15 a.m. | 15 views

Hardcoded credentials

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...

CVSS 5.8 | AI score 7.3 | EPSS 0.00996
Exploits: 1 | References: 1 | Affected Software: 1

CVE
added 2023/12/12 12:0 a.m. | 33 views

CVE-2023-36651

Summary: CVE-2023-36651 affects ProLion CryptoSpike 3.0.15P2. The issue arises from hidden and hard-coded credentials that let remote attackers log in to web management as super-admin and access the most privileged REST API endpoints. The available sources consistently describe the vulnerability ...

CVSS 7.2 | AI score 6.9 | EPSS 0.00996
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2023/12/12 12:0 a.m. | 14 views

CVE-2023-36651

Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials...

AI score 7.2 | EPSS 0.00996
Exploits: 1 | References: 1

Positive Technologies
added 2023/12/11 12:0 a.m. | 7 views

PT-2023-25655 · Prolion · Prolion Cryptospike

Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue concerns hidden and hard-coded credentials in the software, allowing remote attackers to login to web management as a super-admin. This access enables the consumption of the most...

CVSS 7.2 | AI score 6.9 | EPSS 0.00996
Exploits: 1 | References: 5

wpexploit
added 2023/11/21 12:0 a.m. | 162 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

Description: The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution. Submit the following form as a Super Admin; notice that it does not contain a nonce. Despite the error,...

CVSS 8.8 | AI score 9.7 | EPSS 0.0055
Exploits: 2

wpexploit
added 2023/11/21 12:0 a.m. | 170 views

WP All Export (Free < 1.4.1, Pro < 1.8.6) - Author+ PHAR Deserialization via CSRF

Description: The plugin does not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. 1. Ensure your WordPress...

CVSS 8.8 | AI score 9.7 | EPSS 0.0055
Exploits: 2