181 matches found
CVE-2022-30730
Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to acess account list without authentication...
Barco Control Room 授权问题漏洞
Barco Control Room is a visualization and collaboration solution from Barco Belgium. It is used to build control rooms. A security vulnerability previously existed in the Barco Control Room Management Suite web application version 3.14, which stemmed from the ability to expose log files without...
CVE-2022-22189 Contrail Service Orchestration: An authenticated local user may have their permissions elevated via the device via management interface without authentication
An Incorrect Ownership Assignment vulnerability in Juniper Networks Contrail Service Orchestration CSO allows a locally authenticated user to have their permissions elevated without authentication thereby taking control of the local system they are currently authenticated to. This issue affects:...
PT-2022-2299 · Cisco · Cisco Iox +1
Name of the Vulnerable Software and Affected Versions: Cisco IOx affected versions not specified Description: The issue exists due to incorrect restriction of the directory path name with limited access. An attacker could inject arbitrary commands into the underlying host operating system, execut...
CVE-2022-25832
Improper authentication vulnerability in S Secure prior to SMR Apr-2022 Release 1 allows physical attackers to use locked Myfiles app without authentication...
CVE-2022-24929
Unprotected Activity in AppLock prior to SMR Mar-2022 Release 1 allows attacker to change the list of locked app without authentication...
GHSA-C566-2GRG-MJWG Serialization vulnerability in Apache Tapestry
A Java Serialization vulnerability was found in Apache Tapestry 4. Apache Tapestry 4 will attempt to deserialize the "sp" parameter even before invoking the page's validate method, leading to deserialization without authentication. Apache Tapestry 4 reached end of life in 2008 and no update to...
Default configuration
Fresenius Kabi Agilia SP MC WiFi vD25 and prior has a default configuration page accessible without authentication. An attacker may use this functionality to change the exposed configuration values such as network settings...
Spinnaker 访问控制错误漏洞
Spinnaker is a continuous delivery platform. Used to release software changes with high speed and confidence. Spinnaker has a security vulnerability that stems from the presence of inappropriate privileges in the software that allow for pipeline creation and execution. This allows an arbitrary us...
CVE-2021-27561
Yealink Device Management DM 3.6.0.20 allows command injection as root via the /sm/api/v1/firewall/zone/services URI, without authentication...
CVE-2020-19964
A Cross Site Request Forgery CSRF vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication...
Tad Uploader 访问控制错误漏洞
Tad Uploader is a file upload management module from the individual developers of Tad in Taiwan, China.An authorization issue vulnerability exists in Tad Uploader, which could be exploited by remote attackers to modify the names of folders in a booklist using this feature without logging in...
Siemens Industrial Edge Management 授权问题漏洞
An authorization bypass vulnerability exists in Siemens Industrial Edge Management, a Siemens platform for hosting applications from various vendors on a computing platform close to the shop floor. Lack of effective privilege management for changing passwords. The vulnerability allows an attacker...
Zoho ManageEngine DesktopCentral授权问题漏洞
ZOHO ManageEngine DesktopCentral is used by ZOHO for cloud-scale monitoring to reduce complexity.ZOHO ManageEngine DesktopCentral suffers from an authorization issue vulnerability that could be exploited by attackers to obtain APIKEY of valid users without authentication...
VMware vSphere Client 访问控制错误漏洞
Vmware vSphere Client is an application from Vmware, Inc. It provides virtualization management. An authorization issue vulnerability exists in Vmware vSphere Client, which can be exploited by an attacker to perform actions allowed by an affected plugin without authentication...
de Consumentenbond Sannce Smart HD Baby Monitor 授权问题漏洞
The de Consumentenbond Sannce Smart HD Baby Monitor is a webcam from de Consumentenbond in the Netherlands. It provides monitoring functionality. A security vulnerability exists in the Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices, which can be exploited by an attacker to gain...
Acexy Wireless-N WiFi Repeater REV 安全漏洞
Amazon Acexy Wireless-N WiFi Repeater REV is an Amazon.com, Inc. It is used to provide network services A security vulnerability exists in Acexy Wireless-N WiFi Repeater REV 1.0 that originates from the ability to change the administrator password without authentication...
GE Grid Solutions UR 信息泄露漏洞
GE Grid Solutions UR is an embedded operating system from GE Grid Solutions, France. It provides high-performance protection, scalable I/O, integrated monitoring and metering, high-speed communications, and extensive programming and configuration capabilities. An information disclosure...
CVE-2020-19419
Incorrect Access Control in Emerson Smart Wireless Gateway 1420 4.6.59 allows remote attackers to obtain sensitive device information from the administrator console without authentication...
CVE-2021-20067
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to view sensitive syslog events without authentication...