1453 matches found
WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability
WordPress LC Wizard plugin 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation vulnerability discovered by kr0d in WordPress Plugin LC Wizard versions 1.2.10-1.3.0...
PT-2025-45401
Name of the Vulnerable Software and Affected Versions LC Wizard plugin for WordPress versions 1.2.10 through 1.3.0 Description The LC Wizard plugin for WordPress has a flaw that allows lower-privileged users to escalate to administrator rights. This is due to a missing capability check in the...
WordPress plugin LC Wizard 安全漏洞
WordPress LC Wizard plugin is a plugin with security vulnerabilities. WordPress LC Wizard plugin has an elevation of privilege vulnerability that stems from a missing capability check in the ghl-wizard/inc/wpuser.php file, which can be exploited by an attacker to cause an elevation of privilege...
Lexmark Printers Improper Authentication (CVE-2021-44736)
The initial admin account setup wizard on Lexmark devices allow unauthenticated access to the out of service erase feature. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc...
CVE-2025-12108
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
CVE-2025-12108 Missing Authentication for Critical Function Survision License Plate Recognition Camera
The Survision LPR Camera system does not enforce password protection by default. This allows access to the configuration wizard immediately without a login prompt or credentials check...
PT-2025-45029
Name of the Vulnerable Software and Affected Versions Survision LPR Camera system affected versions not specified Description The Survision LPR Camera system lacks default password protection. This allows immediate access to the configuration wizard without requiring a login or checking...
CVE-2024-14005
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...
EUVD-2024-55054
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...
CVE-2024-14008
Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...
CVE-2024-14005
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...
CVE-2024-14005
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...
CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard
Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...
CVE-2024-14008 Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard
Nagios XI versions prior to 2024R1.3.2 contain a remote command execution vulnerability in the WinRM Configuration Wizard. Insufficient validation of user-supplied input allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations...
CVE-2024-14008
Nagios XI prior to 2024R1.3.2 is affected by a remote command execution vulnerability in the WinRM Configuration Wizard. The issue stems from insufficient validation of user-supplied input, allowing an authenticated administrator to inject shell metacharacters into backend command invocations, re...
CVE-2024-14005 Nagios XI < 2024R1.2 Command Injection via Docker Wizard
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...
CVE-2024-14005 Nagios XI < 2024R1.2 Command Injection via Docker Wizard
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input in the wizard allows an authenticated administrator to inject shell metacharacters that are incorporated into backend command invocations. Successful...
CVE-2024-14005
Nagios XI versions prior to 2024R1.2 contain a command injection vulnerability in the Docker Wizard. Insufficient validation of user-supplied input by an authenticated administrator enables shell metacharacter injection that is incorporated into backend command invocations, allowing arbitrary com...
Nagios XI 安全漏洞
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A security vulnerability exists in Nagios XI versions prior to 2024R1.2, which stems from insufficient...