651 matches found

CNNVD
added 2021/06/17 12:00 a.m. · 2 views

TrendNet TW100-S4W1CA Cross-Site Request Forgery Vulnerability

The TrendNet TW100-S4W1CA is a four-port broadband router. A cross-site request forgery vulnerability exists in the TrendNet TW100-S4W1CA version 2.3.32. The vulnerability stems from a lack of proper session control. An attacker could exploit the vulnerability to make unauthorized changes to the...

8.8 CVSS · 5.5 AI score · 0.00379 EPSS
Exploits 0 · References 2
BDU FSTEC
added 2021/06/02 12:00 a.m. · 6 views

The vulnerability of the Work Provider Site Level Administration component of the application for accessing, organizing, and interacting with various types of Oracle Universal Work Queue tasks allows a malicious actor to disclose protected information or gain access to the creation, modification, or deletion of data.

The vulnerability of the Work Provider Site Level Administration component of the application for accessing, organizing, and interacting with various types of Oracle Universal Work Queue tasks is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker...

8.5 CVSS · 6.7 AI score · 0.00931 EPSS
Exploits 0 · References 3 · Affected Software 1
BDU FSTEC
added 2021/06/02 12:00 a.m. · 6 views

The vulnerability of the Resource Exceptions component in the Oracle Work in Process production management system allows an attacker to disclose protected information or gain access to create, modify, or delete data.

The vulnerability of the Resource Exceptions component in the Oracle Work in Process production management system is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to disclose sensitive information or gain access to the ability to create,...

8.5 CVSS · 6.7 AI score · 0.00987 EPSS
Exploits 0 · References 3 · Affected Software 1
Qualys Blog
added 2021/05/25 2:31 p.m. · 39 views

Monitor Windows Registry Changes with Qualys File Integrity Monitoring

With Windows registries storing a large number of programs and OS security settings and a large amount of raw data, threat actors have begun to use those registries as a data store for their malicious activity. It is therefore imperative for organizations to monitor changes in Windows registries ...

0.3 AI score
Exploits 0
Hacker One
added 2021/05/16 5:16 p.m. · 14 views

UPchieve: Clickjacking on profile page leading to unauthorized changes

Summary: Any attacker could use iFrame options to connect remotely to the real website, and he can craft his own website using the iFrame options of the specific link, which can lead to unauthorized changes if the user is logged in. Steps To Reproduce: 1. Login to https://app.upchieve.org/profi...

6.9 AI score
Exploits 0
CNVD
added 2021/05/09 12:00 a.m. · 4 views

Harbin Xinzhongxin Electronic Co., Ltd. merchant broadcasting system has a logic flaw vulnerability

Xinzhongxin is a leading provider of campus card systems and other solutions in China. A logic flaw vulnerability exists in the Merchant Broadcasting System of Harbin Xinzhongxin Electronic Co. Ltd. that can be exploited by attackers to make unauthorized changes...

6.9 AI score
Exploits 0
UbuntuCve
added 2021/05/06 2:15 p.m. · 26 views

CVE-2021-22208

An issue has been discovered in GitLab affecting versions starting with 13.5 up to 13.9.7. Improper permission check could allow the change of timestamp for issue creation or update...

4.3 CVSS · 5.7 AI score · 0.00756 EPSS
Exploits 0 · References 3
BDU FSTEC
added 2021/03/25 12:00 a.m. · 7 views

The vulnerability of the integration component of the Magento Commerce software development and management platform relates to the lack of protection against cross-site request forgery attacks. This allows attackers to perform unauthorized changes to user metadata.

The vulnerability of the integration component of the Magento Commerce software platform for online store development and management is related to the lack of protection against cross-site request forgery attacks. Exploiting this vulnerability allows a malicious actor to perform unauthorized...

4.3 CVSS · 5.3 AI score · 0.01665 EPSS
Exploits 0 · References 3 · Affected Software 2
CNVD
added 2021/03/05 12:00 a.m. · 8 views

Incorrect ACL Check Vulnerability in Joomla!

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An incorrect ACL checking vulnerability exists in Joomla! 3.0.0 - 3.9.24. An...

5.3 CVSS · 6.5 AI score · 0.0108 EPSS
Exploits 0 · References 1
OSV
added 2021/03/04 6:15 p.m. · 13 views

CVE-2021-26027

An issue was discovered in Joomla! 3.0.0 through 3.9.24. Incorrect ACL checks could allow unauthorized change of the category for an article...

5.3 CVSS · 6.9 AI score
Exploits 0 · References 1
Positive Technologies
added 2021/03/04 12:00 a.m. · 4 views

PT-2021-16920 · Joomla · Joomla!

Name of the Vulnerable Software and Affected Versions: Joomla! versions 3.0.0 through 3.9.24 Description: An issue was discovered where incorrect ACL checks could allow unauthorized change of the category for an article. Recommendations: For Joomla! versions 3.0.0 through 3.9.24, update to a...

5.3 CVSS · 6.9 AI score · 0.0108 EPSS
Exploits 0 · References 6
Cvelist
added 2021/03/03 3:25 a.m. · 38 views

CVE-2021-22863 Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests

An improper access control vulnerability was identified in the GitHub Enterprise Server GraphQL API that allowed authenticated users of the instance to modify the maintainer collaboration permission of a pull request without proper authorization. By exploiting this vulnerability, an attacker woul...

8.2 AI score · 0.00968 EPSS
Exploits 0 · References 4
CNNVD
added 2021/03/02 12:00 a.m. · 5 views

Joomla Security Vulnerability

Joomla! is a globally recognized content management system developed using the PHP language coupled with a MySQL database that can be implemented on various platforms such as Linux, Windows, MacOSX, and many others. An incorrect ACL checking vulnerability exists in Joomla! 3.0.0 - 3.9.24. An...

5.3 CVSS · 5.7 AI score · 0.0108 EPSS
Exploits 0 · References 3
CNVD
added 2021/02/10 12:00 a.m. · 8 views

Advantech iView Critical Functions Lack Authentication Vulnerability

Advantech iView is a device management application for the energy, water and wastewater industries. A vulnerability exists in Advantech iView prior to version 5.7.03.6112 due to a lack of authentication for critical functions. An attacker could use this vulnerability to make unauthorized changes ...

9.8 CVSS · 6.9 AI score · 0.36845 EPSS
Exploits 4 · References 1
CNNVD
added 2021/02/09 12:00 a.m. · 6 views

Adobe Magento Cross-Site Request Forgery Vulnerability

Adobe Magento is Adobe's open source e-commerce platform written in PHP. Magento Community Edition is the community edition, later renamed Magento Open Source; Magento Enterprise Edition is the enterprise edition, later renamed Magento...

4.3 CVSS · 5.7 AI score · 0.01665 EPSS
Exploits 0 · References 4
CNNVD
added 2021/02/09 12:00 a.m. · 7 views

Advantech Iview Access Control Error Vulnerability

Advantech iView is a device management application for the energy, water and wastewater industries. A vulnerability exists in Advantech iView prior to version 5.7.03.6112 due to a lack of authentication for critical functions. An attacker could use this vulnerability to make unauthorized changes ...

9.8 CVSS · 7.4 AI score · 0.36845 EPSS
Exploits 4 · References 6
CNVD
added 2021/01/29 12:00 a.m. · 8 views

newbee-mall Access Control Error Vulnerability

newbee-mall is an e-commerce system. An access control error vulnerability exists in all versions of newbee-mall, where an attacker cannot remotely gain privileges via NewBeeMallIndexConfigServiceImpl.java, but can make unauthorized changes to any user information via userID...

7.5 CVSS · 6.7 AI score · 0.00869 EPSS
Exploits 1 · References 1
NVD
added 2021/01/26 6:15 p.m. · 18 views

CVE-2020-23449

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID...

7.5 CVSS · 7.5 AI score · 0.00869 EPSS
Exploits 1 · References 1
Prion
added 2021/01/26 6:15 p.m. · 14 views

Design/Logic Flaw

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID...

5 CVSS · 7.5 AI score · 0.00869 EPSS
Exploits 1 · References 1
Cvelist
added 2021/01/26 5:16 p.m. · 16 views

CVE-2020-23449

newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID...

7.6 AI score · 0.00869 EPSS
Exploits 1 · References 1