74 matches found
CVE-2020-28401
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access WIP details about jobs he should not have access to...
CVE-2020-28404
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges...
Authorization
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access the Billing page without the appropriate privileges...
Authorization
An improper authorization vulnerability exists in Star Practice Management Web version 2019.2.0.6, allowing an unauthorized user to access details about jobs he should not have access to via the Audit Trail Feature...
CVE-2020-28405
CVE-2020-28405 concerns an improper authorization flaw in Star Practice Management Web version 2019.2.0.6. An unauthorized user can change privileges for any user, enabling self-authorization to the administrative role or removing all administrative accounts. The vulnerability is described consis...
CVE-2020-14054
SOKKIA GNR5 Vanguard WEB version 1.2 build: 91f2b2c3a04d203d79862f87e2440cb7cefc3cd3 and hardware version 212 allows remote attackers to bypass admin authentication via a SQL injection attack that uses the User Name or Password field on the login page...
3xLogic Infinias eIDC32 Authorization Issues Vulnerability
The 3xLogic Infinias eIDC32 is an access control controller from 3xLogic USA. A security vulnerability exists in the 3xLOGIC Infinias eIDC32 Web version 1.107 using firmware version 32 2.213, which originates from the program's authentication via client-side parsing of the <KEY>MYKEY</KEY> string...
CVE-2020-11542
3xLOGIC Infinias eIDC32 2.213 devices with Web 1.107 allow Authentication Bypass via CMD.HTM?CMD= because authentication depends on the client side's interpretation of the MYKEY substring...
Inspection management system web version has a universal password login vulnerability
Inspection management system is a service installed in the cloud platform, realizing multi-platform PC backstage management, APP instant view, patrol stick patrol, multi-department, multi-level, cross-region management of the patrol inspection system. There is a universal password login...
SQL Injection Vulnerability in Web Version of Inspection Management System
Inspection management system is a service installed in the cloud platform, realizing multi-platform PC backstage management, APP instant view, patrol stick patrol, multi-department, multi-level, cross-region management of the patrol inspection system. There is a SQL injection vulnerability in the...
Western Digital My Cloud Cross-Site Scripting Vulnerability
Western Digital My Cloud is a personal cloud storage device from Western Digital. A cross-site scripting vulnerability exists in Western Digital mycloud.com Web version versions prior to 2.2.0-134. The vulnerability stems from the WEB application lacking proper validation of client data. An...
CVE-2020-8960
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS...
CVE-2020-8960
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS...
CVE-2020-8960
Western Digital mycloud.com before Web Version 2.2.0-134 allows XSS...
CVE-2020-7057
Hikvision DVR DS-7204HGHI-F1 V4.0.1 build 180903 Web Version sends a different response for failed ISAPI/Security/sessionLogin/capabilities login attempts depending on whether the user account exists, which might make it easier to enumerate users. However, only about 4 or 5 failed logins are...
CVE-2019-18842
A cross-site scripting XSS vulnerability in the configuration web interface of the Jinan USR IOT USR-WIFI232-S/T/G2/H Low Power WiFi Module with web version 1.2.2 allows attackers to leak credentials of the Wi-Fi access point the module is logged into, and the web interface login credentials, by...
SUSE-SU-2019:2033-1 Security update for icedtea-web
This update for icedtea-web to version 1.7.2 fixes the following issues: Security issues fixed: - CVE-2019-10181: Fixed an unsigned code injection in a signed JAR file bsc1142835 - CVE-2019-10182: Fixed a path traversal while processing elements of JNLP files results in arbitrary file overwrite...
CVE-2018-20436
The "secret chat" feature in Telegram 4.9.1 for Android has a "side channel" in which Telegram servers send GET requests for URLs typed while composing a chat message, before that chat message is sent. There are also GET requests to other URLs on the same web server. This also affects one or more...
CVE-2018-18776
Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting XSS vulnerability via the admin/admin.asp ShowAll parameter. NOTE: this is a deprecated product...
Override access vulnerability in Spike's web version
Nail is a free multi-end platform for communication and collaboration created by Alibaba Group specifically for Chinese enterprises. Nail web version of the existence of bulk user override access vulnerability, an attacker can exploit the vulnerability bulk traversal of hundreds of millions of ui...