652 matches found
CVE-2020-23449
newbee-mall all versions are affected by incorrect access control to remotely gain privileges through NewBeeMallIndexConfigServiceImpl.java. Unauthorized changes can be made to any user information through the userID...
CVE-2020-27256
In SOOIL Developments Co., Ltd Diabecare RS, AnyDana-i and AnyDana-A, a hard-coded physician PIN in the physician menu of the insulin pump allows attackers with physical access to change insulin therapy settings...
CVE-2020-29160
An issue was discovered in Zammad before 3.5.1. A REST API call allows an attacker to change Ticket Article data in a way that defeats auditing...
CVE-2020-24403
Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the...
Spoofing
Magento version 2.4.0 and 2.3.5p1 and earlier are affected by an incorrect user permissions vulnerability within the Inventory component. This vulnerability could be abused by authenticated users with Inventory and Source permissions to make unauthorized changes to inventory source data via the...
CVE-2020-22273
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed such as Payment Settings...
CVE-2020-22273
Neoflex Video Subscription System Version 2.0 is affected by CSRF which allows the Website's Settings to be changed such as Payment Settings...
Unspecified Vulnerability in Oracle Java SE and Oracle Java SE Embedded (CNVD-2020-61049)
Oracle Java SE and Oracle Java SE Embedded are both products of Oracle Corporation.Oracle Java SE is a Java platform for developing and deploying Java applications for desktops, servers, and embedded devices and real-time environments.Oracle Java SE Embedded is a Java platform that targets Java...
PT-2020-4579 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.0 and 2.3.5p1 and earlier Description: The issue is related to incorrect user permissions within the Inventory component, allowing authenticated users with Inventory and Source permissions to make unauthorized changes to...
CVE-2020-7383 SQL Injection in Rapid7 Nexpose
A SQL Injection issue in Rapid7 Nexpose version prior to 6.6.49 that may have allowed an authenticated user with a low permission level to access resources & make changes they should not have been able to access...
PT-2020-15526 · Jenkins · Jenkins Shared Objects Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Shared Objects Plugin versions 0.44 and earlier Description: A cross-site request forgery CSRF issue allows attackers to configure shared objects. This can be exploited by attackers to perform unauthorized actions. Recommendations: Fo...
CVE-2020-12506
Improper Authentication vulnerability in WAGO 750-8XX series with FW version = FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO...
CVE-2020-12505
Improper Authentication vulnerability in WAGO 750-8XX series with FW version = FW07 allows an attacker to change some special parameters without authentication. This issue affects: WAGO 750-852, WAGO 750-880/xxx-xxx, WAGO 750-881, WAGO 750-831/xxx-xxx, WAGO 750-882, WAGO 750-885/xxx-xxx, WAGO...
Unspecified Vulnerability in Oracle E-Business Suite Common Applications (CNVD-2020-43711)
Oracle E-Business Suite E-Business Suite is a fully integrated set of global business management software from Oracle Corporation. The software provides customer relationship management, service management, financial management, etc. Common Applications also known as Oracle Common Application...
CVE-2020-14549
Vulnerability in the Primavera Portfolio Management product of Oracle Construction and Engineering component: Web Server. Supported versions that are affected are 16.1.0.0-16.1.5.1, 18.0.0.0-18.0.2.0 and 19.0.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network...
Siemens Opcenter Execution Core Access Control Error Vulnerability (CNVD-2020-43671)
Opcenter Execution Core formerly known as Camstar Enterprise Platform is a general purpose Manufacturing Execution System MES. An access control error vulnerability exists in Camstar Enterprise Platform all versions and Opcenter Execution Core prior to version 8.2. An attacker could use this...
Unspecified Vulnerability in Oracle E-Business Suite (CNVD-2020-44276)
Oracle E-Business Suite E-Business Suite is the United States Oracle Oracle company's set of fully integrated global business management software. The software provides customer relationship management, service management, financial management and other functions. marketing is one of the...
Siemens Opcenter Execution Core Access Control Error Vulnerability
Opcenter Execution Core formerly known as Camstar Enterprise Platform is a general purpose Manufacturing Execution System MES. A SQL injection vulnerability exists in Siemens Camstar Enterprise Platform and Opcenter Execution Core. An attacker could exploit the vulnerability to view internal...
CVE-2020-7578
A vulnerability has been identified in Camstar Enterprise Platform All versions, Opcenter Execution Core All versions V8.2. Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform...
CVE-2020-7578
A vulnerability has been identified in Camstar Enterprise Platform All versions, Opcenter Execution Core All versions V8.2. Authenticated users could have access to resources they normally would not have. This vulnerability could allow an attacker to view internal information and perform...