Lucene search
K

74 matches found

OSV
OSV
added 2021/01/29 7:15 a.m.3 views

CVE-2020-28401

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to...

6.5CVSS6.6AI score0.01306EPSS
Exploits0References3
NVD
NVD
added 2021/01/29 7:15 a.m.20 views

CVE-2020-28404

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges...

6.5CVSS6.4AI score0.01306EPSS
Exploits0References3
Prion
Prion
added 2021/01/29 7:15 a.m.15 views

Authorization

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges...

4CVSS6.4AI score0.01306EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2021/01/29 7:15 a.m.10 views

Authorization

An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature...

4CVSS6.4AI score0.01306EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2021/01/29 6:10 a.m.70 views

CVE-2020-28405

CVE-2020-28405 concerns an improper authorization flaw in Star Practice Management Web version 2019.2.0.6. An unauthorized user can change privileges for any user, enabling self-authorization to the administrative role or removing all administrative accounts. The vulnerability is described consis...

8.8CVSS8.6AI score0.01618EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2020/06/15 4:15 p.m.17 views

CVE-2020-14054

SOKKIA GNR5 Vanguard WEB version 1.2 build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3 and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page...

9.8CVSS0.01411EPSS
Exploits0References1
CNVD
CNVD
added 2020/04/07 12:0 a.m.3 views

3xLogic Infinias eIDC32 Authorization Issues Vulnerability

The 3xLogic Infinias eIDC32 is an access control controller from 3xLogic USA. A security vulnerability exists in the 3xLOGIC Infinias eIDC32 Web version 1.107 using firmware version 32 2.213, which originates from the program's authentication via client-side parsing of the <KEY>MYKEY</KEY> string...

9.8CVSS7.2AI score0.00978EPSS
Exploits1
OSV
OSV
added 2020/04/04 10:15 p.m.2 views

CVE-2020-11542

3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...

9.8CVSS5.8AI score0.00978EPSS
Exploits1References1
CNVD
CNVD
added 2020/03/31 12:0 a.m.3 views

Inspection management system web version has a universal password login vulnerability

Inspection management system is a service installed in the cloud platform, realizing multi-platform PC backstage management, APP instant view, patrol stick patrol, multi-department, multi-level, cross-region management of the patrol inspection system. There is a universal password login...

7AI score
Exploits0
CNVD
CNVD
added 2020/03/27 12:0 a.m.2 views

SQL Injection Vulnerability in Web Version of Inspection Management System

Inspection management system is a service installed in the cloud platform, realizing multi-platform PC backstage management, APP instant view, patrol stick patrol, multi-department, multi-level, cross-region management of the patrol inspection system. There is a SQL injection vulnerability in the...

7.7AI score
Exploits0
CNVD
CNVD
added 2020/02/23 12:0 a.m.2 views

Western Digital My Cloud Cross-Site Scripting Vulnerability

Western Digital My Cloud is a personal cloud storage device from Western Digital. A cross-site scripting vulnerability exists in Western Digital mycloud.com Web version versions prior to 2.2.0-134. The vulnerability stems from the WEB application lacking proper validation of client data. An...

6.1CVSS6.3AI score0.00865EPSS
Exploits0References1
OSV
OSV
added 2020/02/20 11:15 p.m.4 views

CVE-2020-8960

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS...

6.1CVSS6.4AI score0.00865EPSS
Exploits0References3
NVD
NVD
added 2020/02/20 11:15 p.m.23 views

CVE-2020-8960

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS...

6.1CVSS6.3AI score0.00865EPSS
Exploits0References3
Cvelist
Cvelist
added 2020/02/20 10:3 p.m.24 views

CVE-2020-8960

Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS...

6.3AI score0.00865EPSS
Exploits0References3
NVD
NVD
added 2020/01/14 10:15 p.m.36 views

CVE-2020-7057

Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are...

5.3CVSS5.2AI score0.01103EPSS
Exploits1References1
NVD
NVD
added 2020/01/06 9:15 p.m.23 views

CVE-2019-18842

A cross-site scripting XSS vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by...

6.1CVSS5.9AI score0.00686EPSS
Exploits1References1
OSV
OSV
added 2019/07/31 4:37 p.m.8 views

SUSE-SU-2019:2033-1 Security update for icedtea-web

This update for icedtea-web to version 1.7.2 fixes the following issues: Security issues fixed: - CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file bsc1142835 - CVE-2019-10182: Fixed a path traversal while processing elements of JNLP files results in arbitrary file overwrite...

8.6CVSS8.5AI score0.04022EPSS
Exploits0References7
OSV
OSV
added 2018/12/24 8:29 p.m.5 views

CVE-2018-20436

The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more...

8.1CVSS5.8AI score0.01554EPSS
Exploits1References2
Cvelist
Cvelist
added 2018/11/01 5:0 p.m.27 views

CVE-2018-18776

Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product...

6AI score0.02321EPSS
Exploits5References2
CNVD
CNVD
added 2018/03/16 12:0 a.m.2 views

Override access vulnerability in Spike's web version

Nail is a free multi-end platform for communication and collaboration created by Alibaba Group specifically for Chinese enterprises. Nail web version of the existence of bulk user override access vulnerability, an attacker can exploit the vulnerability bulk traversal of hundreds of millions of ui...

6.9AI score
Exploits0
Rows per page
Query Builder