233 matches found
CVE-2024-28971
Dell Update Manager Plugin, versions 1.4.0 through 1.5.0, contains a Plain-text Password Storage Vulnerability in Log file. A remote high privileged attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the...
CVE-2024-28971
The CVE-2024-28971 entry corresponds to Dell Update Manager Plugin versions 1.4.0–1.5.0, with a plain-text password storage vulnerability in the log file that could lead to disclosure of user credentials. Multiple connected sources confirm the issue and potential credential exposure; exploitation...
PT-2024-22654 · Dell · Dell Update Manager Plugin
Name of the Vulnerable Software and Affected Versions: Dell Update Manager Plugin versions 1.4.0 through 1.5.0 Description: The issue concerns a Plain-text Password Storage Vulnerability in the log file of the Dell Update Manager Plugin. A remote high privileged attacker could potentially exploit...
Dell Update Manager Plugin 安全漏洞
Dell Update Manager Plugin is an update management plugin from Dell USA. A security vulnerability exists in Dell Update Manager Plugin versions 1.4.0 through 1.5.0, which stems from a log file containing plain text passwords, resulting in the disclosure of certain user credentials...
CVE-2023-51574
Voltronic Power ViewPower updateManagerPassword Exposed Dangerous Method Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower. Authentication is not required to exploit this vulnerability. T...
Voltronic Power ViewPower 安全漏洞
Voltronic Power ViewPower is Voltronic Power's monitoring and management software for solar inverters. A security bypass vulnerability exists in Voltronic Power ViewPower that stems from a specific flaw in the updateManagerPassword method, which can be exploited by an attacker to bypass...
CVE-2023-51573
Voltronic Power ViewPower Pro updateManagerPassword Exposed Dangerous Function Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Voltronic Power ViewPower Pro. Authentication is not required to exploit this...
The vulnerability of the `updateManagerPassword` method in the software for managing power supply sources of Voltronic Power ViewPower allows a perpetrator to bypass the authentication process and gain unauthorized access to the software.
The vulnerability of the updateManagerPassword method in the software for managing power supply sources of Voltronic Power ViewPower is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication...
The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro allows a intruder to bypass the authentication process and gain unauthorized access to the software.
The vulnerability of the updateManagerPassword function in the software for managing power sources of Voltronic Power ViewPower Pro is related to deficiencies in the authentication process. Exploiting this vulnerability could allow an attacker, operating remotely, to bypass the authentication...
CVE-2021-40376
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...
CVE-2021-40376
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...
Code injection
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...
otris Update Manager 授权问题漏洞
otris Update Manager is used by otris for compliance digitization. A security vulnerability exists in otris Update Manager 1.2.1.0 that allows local users to gain access to SYSTEM via unauthenticated calls and allows remote attacks on HTTP traffic on TCP port 9000 using WsHTTPBinding...
CVE-2021-40376
otris Update Manager 1.2.1.0 allows local users to achieve SYSTEM access via unauthenticated calls to exposed interfaces over a .NET named pipe. A remote attack may be possible as well, by leveraging WsHTTPBinding for HTTP traffic on TCP port 9000...
CVE-2021-40376
CVE-2021-40376 affects otris Update Manager 1.2.1.0. The vulnerability allows local users to obtain SYSTEM privileges by sending unauthenticated calls to exposed interfaces via a .NET named pipe. A remote attack may be possible by abusing WsHTTPBinding for HTTP traffic on TCP port 9000. CVSS data...
CVE-2021-45389
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864...
CVE-2021-45389
A flaw was found with the JWT token. A self-signed JWT token could be injected into the update manager and bypass the authentication process, thus could escalate privileges. This affects StarWind SAN and NAS build 1578 and StarWind Command Center build 6864...
PT-2022-12338 · Starwind · Starwind Command Center +1
Name of the Vulnerable Software and Affected Versions: StarWind SAN and NAS build 1578 StarWind Command Center build 6864 Description: A flaw was found with the JWT token, allowing a self-signed JWT token to be injected into the update manager and bypass the authentication process, thus escalatin...
Hitachi Energy PCM600 Update Manager
1. EXECUTIVE SUMMARY CVSS v3 6.7 Vendor: Hitachi Energy Equipment: PCM600 Update Manager Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to bypass the certificate validation and install an untrusted software...
CVE-2021-22278
A certificate validation vulnerability in PCM600 Update Manager allows attacker to get unwanted software packages to be installed on computer which has PCM600 installed...