1740 matches found
CVE-2023-20163
Multiple vulnerabilities in Cisco Identity Services Engine (ISE) could allow an authenticated attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. To exploit these vulnerabilities, an attacker must have valid credentials on an affected...
Design/Logic Flaw
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface...
CVE-2023-23449
Observable Response Discrepancy in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames by analyzing challenge responses from the server via the REST interface...
CVE-2023-23448
Inclusion of Sensitive Information in Source Code in SICK FTMg AIR FLOW SENSOR with Partnumbers 1100214, 1100215, 1100216, 1120114, 1120116, 1122524, 1122526 allows a remote attacker to gain information about valid usernames via analysis of source code...
SICK FTMg Security Vulnerability
SICK FTMg is a flow sensor from SICK. A security vulnerability exists in the SICK FTMg AIR FLOW SENSOR that arises from the inclusion of sensitive information in the source code, which could allow a remote attacker to analyze the source code to obtain information about a valid user name...
CVE-2023-22791
A vulnerability exists in Aruba InstantOS and ArubaOS 10 where an edge-case combination of network configuration, a specific WLAN environment and an attacker already possessing valid user credentials on that WLAN can lead to sensitive information being disclosed via the WLAN. The scenarios in whi...
CVE-2023-0683
A valid, authenticated XCC user with read only access may gain elevated privileges through a specifically crafted API call...
CVE-2022-45876
Versions of VISAM VBASE Automation Base prior to 11.7.5 may disclose information if a valid user opens a specially crafted file...
CVE-2023-30458
A username enumeration issue was discovered in Medicine Tracker System 1.0. The login functionality allows a malicious user to guess a valid username due to a different response time from invalid usernames. When one enters a valid username, the response time increases depending on the length of t...
CVE-2022-47505
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges...
PT-2023-15382 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform (affected versions not specified). Description: The issue allows a local adversary with a valid system user account to escalate local privileges. This is related to a Local Privilege Escalation Vulnerability in the SolarWinds...
PT-2023-15383 · Solarwinds · Solarwinds Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Platform (affected versions not specified). Description: The issue allows a remote adversary with a valid SolarWinds Platform account to inject HTML by appending URL parameters. This is due to the Incorrect Input Neutralization...
CVE-2022-47505 SolarWinds Platform Local Privilege Escalation Vulnerability
The SolarWinds Platform was susceptible to the Local Privilege Escalation Vulnerability. This vulnerability allows a local adversary with a valid system user account to escalate local privileges...
Remote code execution
A CWE-668: Exposure of Resource to Wrong Sphere vulnerability exists that could cause remote code execution when a valid user visits a malicious link provided through the web endpoints. Affected Products: EcoStruxure Control Expert V15.1 and above...
CVE-2022-2445
Rejected reason: Incorrectly assigned CVE. Not a valid issue...
Fortinet Fortigate (FG-IR-22-444)
The version of Fortigate installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-22-444 advisory: An improper restriction of excessive authentication attempts vulnerability (CWE-307) in Fortinet FortiOS version 7.2.0 throug...
CVE-2022-43947
An improper restriction of excessive authentication attempts vulnerability (CWE-307) in Fortinet FortiOS version 7.2.0 through 7.2.3 and before 7.0.10, FortiProxy version 7.2.0 through 7.2.2 and before 7.0.8 administrative interface allows an attacker with a valid user account to perform brute-forc...
Protect
An improper restriction of excessive authentication attempts vulnerability (CWE-307) in FortiOS & FortiProxy administrative interface may allow an attacker with a valid user account to perform brute-force attacks on other user accounts via injecting valid login sessions...
modoboa 2.0.4 - Admin TakeOver
Exploit Title: modoboa 2.0.4 - Admin TakeOver
Description: Authentication Bypass by Primary Weakness
Date: 02/10/2023
Software Link: https://github.com/modoboa/modoboa
Version: modoboa/modoboa prior to 2.0.4
Tested on: Arch Linux
Exploit Author: 7h3h4ckv157
CVE: CVE-2023-0777
package main...