30 matches found
Sauter modu680-AS 安全漏洞
Sauter modu680-AS is a modular automation station cum web server from Sauter, Switzerland. A security vulnerability exists in the Sauter modu680-AS that originates from a low-privileged remote attacker who can corrupt the web server user store on the appliance by setting a series of unsupported...
CVE-2025-9955
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
EUVD-2025-34752
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9955
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9955
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9955 Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9955 Improper Access Control in WSO2 Enterprise Integrator Product via SOAP Admin Services for Logs and User-Store Configuration
An improper access control vulnerability exists in WSO2 Enterprise Integrator product due to insufficient permission restrictions on internal SOAP admin services related to system logs and user-store configuration. A low-privileged user can access log data and user-store configuration details tha...
CVE-2025-9955
CVE-2025-9955: An improper access control vulnerability in WSO2 Enterprise Integrator arises from insufficient permission restrictions on internal SOAP admin services governing system logs and user-store configuration. A low-privileged user can view log data and user-store configuration details n...
EUVD-2022-3804
Malicious code in bioql PyPI...
CVE-2024-8008
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
GHSA-XPXP-R8HF-WGF6 WSO2 products vulnerable to Cross-site Scripting
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
Cross-site Scripting (XSS)
Overview org.wso2.carbon.identity.framework:org.wso2.carbon.identity.user.store.configuration.ui is an User Store UI component for WSO2 Carbon Affected versions of this package are vulnerable to Cross-site Scripting XSS due to insufficient output encoding in error messages generated by the JDBC...
CVE-2024-8008
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
CVE-2024-8008
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
CVE-2024-8008 Reflected Cross-Site Scripting (XSS) in Multiple WSO2 Products via JDBC User Store Connection Validation
A reflected cross-site scripting XSS vulnerability exists in multiple WSO2 products due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. A malicious actor can inject a specially crafted payload into the request, causing the browser ...
CVE-2024-8008
CVE-2024-8008 is a reflected Cross-Site Scripting (XSS) vulnerability in multiple WSO2 products caused by insufficient output encoding in error messages from the JDBC user store connection validation request. An attacker can craft a request payload that triggers JavaScript execution in the victim...
PT-2025-23539
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. Description A reflected cross-site scripting XSS issue exists due to insufficient output encoding in error messages generated by the JDBC user store connection validation request. This allows a malicious...
Streamlining Microsoft Teams Roaming with Citrix Profile Management: A Guide for Administrators
This guide provides Citrix administrators with a concise and practical approach to configuring Microsoft Teams roaming with Citrix Profile Management UPM. It consolidates key information and best practices to ensure a smooth and efficient implementation. Prerequisites 1. Teams Roaming Enablement:...
Authentication flaw
The login REST API in ProLion CryptoSpike 3.0.15P2 when LDAP or Active Directory is used as the users store allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...
CVE-2023-36655
The login REST API in ProLion CryptoSpike 3.0.15P2 when LDAP or Active Directory is used as the users store allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination...