TrendNet TW100-S4W1CA Cross-Site Request Forgery Vulnerability
The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site request forgery vulnerability exists in the TrendNet TW100-S4W1CA version 2.3.32. The vulnerability stems from a lack of proper session control. An attacker could exploit the vulnerability to make unauthorized changes to the...
A vulnerability in the Work Provider Site Level Administration component of Oracle Universal Work Queue (the application for accessing, organizing, and interacting with various types of work queue tasks) allows a malicious actor to disclose protected information or to create, modify, or delete data.
A vulnerability in the Work Provider Site Level Administration component of Oracle Universal Work Queue (the application for accessing, organizing, and interacting with various types of work queue tasks) is caused by insufficient validation of input data. Exploiting this vulnerability can allow an attacker...
A vulnerability in the Resource Exceptions component of the Oracle Work in Process production management system allows an attacker to disclose protected information or to create, modify, or delete data.
The vulnerability of the Resource Exceptions component in the Oracle Work in Process production management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information or gain access to the ability to create,...
Monitor Windows Registry Changes with Qualys File Integrity Monitoring
Because the Windows registry stores a large number of program and OS security settings as well as a great deal of raw data, threat actors have begun to use it as a data store for their malicious activity. It is therefore imperative for organizations to monitor changes in the Windows registry ...
UPchieve: Clickjacking on profile page leading to unauthorized changes
Summary: Any attacker could use iFrame options to connect remotely to the real website, and he can craft his own website using the iFrame options of the specific link, which can lead to unauthorized changes if the user is logged in. Steps To Reproduce: 1. Login to https://app.upchieve.org/profi...
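The check a practitioner wants for a report like the one above is whether a page can actually be framed by another origin, which is what the browser decides from the response headers. The following is an added example, not code from the UPchieve report or the UPchieve code base: it applies the browser's precedence rule (a CSP `frame-ancestors` directive overrides `X-Frame-Options`; a response with neither header is framable by anyone) to a set of headers. The `HARDENED_HEADERS` value and the `https://attacker.example` origin used in the usage note are assumptions; `https://app.upchieve.org` is the target named in the report.

```javascript
// Added example (not from the UPchieve report or code base): decide, the way a
// browser does, whether a response may be framed by a given origin.
function headerValue(headers, name) {
  const key = Object.keys(headers).find(k => k.toLowerCase() === name);
  return key === undefined ? undefined : headers[key];
}

// Match one frame-ancestors source expression against the framing origin.
// Handles 'none', '*', 'self', scheme sources (https:) and host sources with an
// optional scheme, leading wildcard label and port (e.g. https://*.example.org:443).
function matchSource(src, pageOrigin, framerOrigin) {
  const s = src.toLowerCase();
  if (s === "'none'") return false;
  if (s === '*') return true;
  if (s === "'self'") return framerOrigin === pageOrigin;
  const { protocol, hostname, port } = new URL(framerOrigin);
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return protocol === s; // scheme source
  const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^:/*]+)(?::(\d+|\*))?$/);
  if (!m) return false;
  const [, scheme, wildcard, host, p] = m;
  if (scheme && `${scheme}:` !== protocol) return false;
  if (wildcard ? !hostname.endsWith(`.${host}`) : hostname !== host) return false;
  const effectivePort = port || (protocol === 'https:' ? '443' : '80');
  return !p || p === '*' || p === effectivePort;
}

// true  -> a page at framerOrigin can embed the response in an <iframe>
// false -> the browser refuses to render it inside that frame
function canBeFramed(headers, pageOrigin, framerOrigin) {
  const csp = headerValue(headers, 'content-security-policy');
  if (csp) {
    const directive = csp.split(';').map(d => d.trim()).find(d => /^frame-ancestors\b/i.test(d));
    if (directive) {
      // Assumed browser behaviour (CSP Level 2): frame-ancestors wins even when
      // X-Frame-Options is also present; an empty source list means 'none'.
      const sources = directive.split(/\s+/).slice(1);
      return sources.some(src => matchSource(src, pageOrigin, framerOrigin));
    }
  }
  const xfo = headerValue(headers, 'x-frame-options');
  if (xfo) {
    const v = xfo.trim().toUpperCase();
    if (v === 'DENY') return false;
    if (v === 'SAMEORIGIN') return framerOrigin === pageOrigin;
    // ALLOW-FROM and unknown values are ignored by current browsers (assumed
    // behaviour), so the header gives no protection in that case.
    return true;
  }
  return true; // neither header: the profile page is framable from anywhere
}

// Headers that close the hole for every cross-origin framer. The X-Frame-Options
// line is kept for browsers that predate CSP Level 2 (assumed policy values).
const HARDENED_HEADERS = {
  'Content-Security-Policy': "frame-ancestors 'self'",
  'X-Frame-Options': 'SAMEORIGIN',
};
```

Usage: `canBeFramed({}, 'https://app.upchieve.org', 'https://attacker.example')` returns `true` for a response without either header, and `false` once `HARDENED_HEADERS` are served; the same-origin case stays `true`, so the site's own embeds keep working. Run the function against the captured response headers of every state-changing page rather than only the profile page, since a framable page anywhere in an authenticated flow is enough for the overlay trick the report describes.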
Harbin Xinzhongxin Electronic Co., Ltd. merchant broadcasting system has a logic flaw vulnerability
Xinzhongxin is a leading provider of campus card systems and other solutions in China. A logic flaw vulnerability exists in the Merchant Broadcasting System of Harbin Xinzhongxin Electronic Co. Ltd. that can be exploited by attackers to make unauthorized changes...
CVE-2021-22208
An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update...
A vulnerability in the integration component of the Magento Commerce platform for online store development and management is caused by a lack of protection against cross-site request forgery attacks. This allows attackers to make unauthorized changes to user metadata.
The vulnerability of the integration component of the Magento Commerce software platform for online store development and management is related to the lack of protection against cross-site request forgery attacks. Exploiting this vulnerability allows a malicious actor to perform unauthorized...
Incorrect ACL Check Vulnerability in Joomla!
Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An incorrect ACL checking vulnerability exists in Joomla! 3.0.0 - 3.9.24. An...
CVE-2021-26027
An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article...
PT-2021-16920 · Joomla · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.24 Description: An issue was discovered where incorrect ACL checks could allow unauthorized change of the category for an article. Recommendations: For Joomla! versions 3.0.0 through 3.9.24, update to a...
CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests
An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...
Advantech iView Critical Functions Lack Authentication Vulnerability
Advantech iView is a device management application for the energy, water and wastewater industries. A vulnerability exists in Advantech iView prior to version 5.7.03.6112 due to a lack of authentication for critical functions. An attacker could use this vulnerability to make unauthorized changes ...
Adobe Magento Cross-Site Request Forgery Vulnerability
Adobe Magento is an open-source e-commerce platform from Adobe written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source; Magento Enterprise Edition is the enterprise edition, later renamed Magento Commerce, ...
newbee-mall Access Control Error Vulnerability
newbee-mall is an e-commerce system. An access control error vulnerability exists in all versions of newbee-mall: an attacker can remotely gain privileges via NewBeeMallIndexConfigServiceImpl.java and make unauthorized changes to any user's information via the userID...
CVE-2020-23449
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID...
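The newbee-mall entries, the Joomla! category entries, the GitHub pull-request permission entry and the GitLab timestamp entry above are all object- or field-level authorization failures: the server confirms that someone is logged in and then lets an identifier in the request decide whose record, or which field, gets written. The following is an added example, not code from newbee-mall, Joomla!, GitHub or GitLab: a user-update handler that trusts the request's `userId`, beside a hardened version with an ownership check and a field allowlist, plus a "move" operation that also checks the destination the way the Joomla! category fix has to. The users, the article, the `categoryAcl` map and the role names are constructed for the example.

```javascript
// Added example, not code from newbee-mall, Joomla!, GitHub or GitLab: the
// "trust the identifier in the request" pattern behind these entries, beside
// the checks that fix it. All data below is constructed in memory.
const users = new Map([
  [1, { id: 1, role: 'user',  email: 'alice@example.test', createdAt: '2020-01-01' }],
  [2, { id: 2, role: 'user',  email: 'bob@example.test',   createdAt: '2020-01-02' }],
  [3, { id: 3, role: 'admin', email: 'root@example.test',  createdAt: '2019-12-31' }],
]);
const cloneDb = () => new Map([...users].map(([k, v]) => [k, { ...v }]));

// Vulnerable: the session proves *someone* is logged in, but the userId in the
// body decides whose record is written, and any column can be written.
function updateUserVulnerable(db, req) {
  if (!db.has(req.session.userId)) return { status: 401 };
  const target = db.get(req.body.userId);
  if (!target) return { status: 404 };
  Object.assign(target, req.body.fields);
  return { status: 200 };
}

const SELF_EDITABLE = new Set(['email', 'nickname']); // assumed allowlist

// Hardened: object-level check (my own record, or I am an admin) plus a
// field-level allowlist so a plain user cannot touch role or createdAt.
function updateUserHardened(db, req) {
  const actor = db.get(req.session.userId);
  if (!actor) return { status: 401 };
  const target = db.get(req.body.userId);
  if (!target) return { status: 404 };
  const isAdmin = actor.role === 'admin';
  if (!isAdmin && actor.id !== target.id) return { status: 403, reason: 'not the owner' };
  const fields = req.body.fields ?? {};
  const denied = Object.keys(fields).find(f => !isAdmin && !SELF_EDITABLE.has(f));
  if (denied) return { status: 403, reason: `field ${denied} is not self-editable` };
  Object.assign(target, fields);
  return { status: 200 };
}

// The same mistake on a "move": being allowed to edit the article is not
// enough, the check must also cover the destination. categoryAcl maps
// category id -> set of user ids allowed to create in it (a constructed
// stand-in for a per-category create permission).
function moveArticleHardened(actor, article, newCategoryId, categoryAcl) {
  const mayEdit = actor.role === 'admin' || article.ownerId === actor.id;
  if (!mayEdit) return { status: 403, reason: 'cannot edit article' };
  const allowed = categoryAcl.get(newCategoryId);
  if (actor.role !== 'admin' && !(allowed && allowed.has(actor.id))) {
    return { status: 403, reason: 'cannot create in target category' };
  }
  article.categoryId = newCategoryId;
  return { status: 200, categoryId: newCategoryId };
}

// Constructed scenario: Bob (id 2) is logged in and posts userId 1 (Alice)
// together with a role escalation; then he tries moves across categories.
function runScenario() {
  const req = {
    session: { userId: 2 },
    body: { userId: 1, fields: { email: 'evil@example.test', role: 'admin' } },
  };
  const dbV = cloneDb(), dbH = cloneDb();
  const vulnerable = updateUserVulnerable(dbV, req);
  const hardened = updateUserHardened(dbH, req);
  const selfOk = updateUserHardened(dbH, { session: { userId: 2 }, body: { userId: 2, fields: { email: 'bob2@example.test' } } });
  const selfRole = updateUserHardened(dbH, { session: { userId: 2 }, body: { userId: 2, fields: { role: 'admin' } } });
  const acl = new Map([[10, new Set([2])], [20, new Set([3])]]);
  const article = { id: 7, ownerId: 2, categoryId: 10 };
  const moveDenied = moveArticleHardened(dbH.get(2), article, 20, acl);
  const moveAllowed = moveArticleHardened(dbH.get(2), article, 10, acl);
  const adminMove = moveArticleHardened(dbH.get(3), { id: 8, ownerId: 1, categoryId: 10 }, 20, acl);
  return {
    vulnerable, hardened, selfOk, selfRole, moveDenied, moveAllowed, adminMove,
    aliceRoleVulnerable: dbV.get(1).role, aliceRoleHardened: dbH.get(1).role,
    bobEmailHardened: dbH.get(2).email,
  };
}
```

The two checks are deliberately separate: the ownership test alone would still let Bob promote himself through his own record, and the allowlist alone would still let him rewrite Alice's e-mail. Tying the actor to the session rather than to a request parameter is what removes the `userID` problem; the allowlist is what removes the "change the timestamp / change the permission flag" problem.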