15 matches found
CVE-2025-41014
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
CVE-2025-41013
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41013
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41013
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
CVE-2025-41015
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41014
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
CVE-2025-41015 User Enumeration vulnerability in TCMAN GIM
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetUserQuestionAndAnswer' in...
CVE-2025-41014
CVE-2025-41014 affects TCMAN GIM v11 (version 20250304). Affected component: the web service at /WS/PDAWebService.asmx, using the parameter pda:username with soapaction GetLastDatePasswordChange. Root cause is user enumeration via an unauthenticated request, enabling determination of whether a us...
CVE-2025-41014 User Enumeration vulnerability in TCMAN GIM
User Enumeration Vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system. The vulnerability is exploitable through the 'pda:username' parameter with 'soapaction GetLastDatePasswordChange' in...
CVE-2025-41012
Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...
CVE-2025-41013 SQL injection vulnerability in TCMAN GIM
SQL injection vulnerability in TCMAN GIM v11 in version 20250304. This vulnerability allows an attacker to retrieve, create, update, and delete databases by sending a GET request using the 'idmant' parameter in '/PC/frmEPIS.aspx'...
TCMAN GIM 安全漏洞
TCMAN GIM is a management system from the Spanish company TCMAN. A security vulnerability exists in TCMAN GIM version v11, which stems from improper authorization and could allow an unprivileged attacker to modify user privileges...
CVE-2025-40620
SQL injection in TCMAN's GIM v11. This vulnerability allows an unauthenticated attacker to inject an SQL statement to obtain, update and delete all information in the database. This vulnerability was found in each of the following parameters according to the vulnerability identifier ‘User’...
CVE-2022-36276
TCMAN GIM v8.0.1 is vulnerable to a SQL injection via the 'SqlWhere' parameter inside the function 'BuscarESM'. The exploitation of this vulnerability might allow a remote attacker to directly interact with the database...
TCMAN GIM Cross-Site Scripting Vulnerability
TCMAN GIM is a CMMS from TCMAN, Inc. that can be used in a variety of areas: industrial, facilities, healthcare, fleet and maintenance services. A cross-site scripting vulnerability exists in TCMAN GIM version v8.0.1, which stems from the sReferencia, sDescription, txtCodigo, and txtDeripcion...