16 matches found
CVE-2025-67793
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...
CVE-2025-67793
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...
CVE-2025-67793
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...
DriveLock 安全漏洞
DriveLock is an endpoint security and data protection platform from DriveLock Germany. A security vulnerability exists in DriveLock versions 24.1 and prior to 24.1.x, 24.2 and prior to 24.2.x, and 25.1.6 and prior to 25.1.6, which stems from the fact that a user with administrative role and...
CVE-2025-67793
An issue was discovered in DriveLock 24.1 through 24.1., 24.2 through 24.2., and 25.1 before 25.1.6. Users with the "Manage roles and permissions" privilege can promote themselves or other DOC users to the Supervisor role through an API call. This privilege is included by default in the...
EUVD-2020-7112
Malware in sbrugna...
CVE-2024-20540
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists...
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...
CVE-2024-56114
Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from the...
CVE-2024-20540
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists...
CVE-2024-20540 Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists...
CVE-2024-20540
Cisco CVE-2024-20540 affects the web-based management interface of Cisco Unified Contact Center Management Portal (Unified CCMP). The issue is a stored cross-site scripting (XSS) vulnerability caused by improper validation of user-supplied input in a page of the interface. An authenticated attack...
CVE-2024-20540 Cisco Unified Contact Center Management Portal Stored Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP could allow an authenticated, remote attacker with low privileges to conduct a stored cross-site scripting XSS attack against a user of the interface. This vulnerability exists...
PT-2024-8283 · Cisco · Cisco Unified Contact Center Management Portal
Name of the Vulnerable Software and Affected Versions: Cisco Unified Contact Center Management Portal Unified CCMP affected versions not specified Description: The issue is related to the web-based management interface of Cisco Unified Contact Center Management Portal Unified CCMP and is caused b...
PT-2023-3935 · Cisco · Cisco Broadworks
Name of the Vulnerable Software and Affected Versions: Cisco BroadWorks affected versions not specified Description: A vulnerability in the privilege management functionality could allow an authenticated, local attacker to elevate privileges to root on an affected system. This issue is due to...
CVE-2020-14982
A Blind SQL Injection vulnerability in Kronos WebTA 3.8.x and later before 4.0 affecting the com.threeis.webta.H352premPayRequest servlet's SortBy parameter allows an attacker with the Employee, Supervisor, or Timekeeper role to read sensitive data from the database...