Orca Management Organization Co., Ltd. Security Vulnerabilities

nuclei

Prison Management System - SQL Injection Authentication Bypass

SQL injection vulnerability was found on the login page in Prison Management...

6.8 AI Score

EPSS

2024-05-16 08:56 AM
6
cve

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

6.8 AI Score

0.0004 EPSS

2024-06-17 09:15 PM
24
nvd

CVE-2024-37679

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...

6.1 CVSS

0.0005 EPSS

2024-06-24 07:15 PM
3
cve

CVE-2024-37679

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...

6.1 CVSS

6.9 AI Score

0.0005 EPSS

2024-06-24 07:15 PM
23
cvelist

CVE-2024-37679

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...

0.0005 EPSS

2024-06-24 12:00 AM
nuclei

Barco Control Room Management Suite <=2.9 Build 0275 - Local File Inclusion

Barco Control Room Management through Suite 2.9 Build 0275 is vulnerable to local file inclusion that could allow attackers to access sensitive information and components. Requests must begin with the "GET /...."...

7.5 CVSS

7.3 AI Score

0.006 EPSS

2022-05-05 01:55 AM
5
cve

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

8.1 AI Score

0.0004 EPSS

2024-06-17 09:15 PM
25
nvd

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

0.0004 EPSS

2024-06-17 09:15 PM
3
cve

CVE-2023-20220

Multiple vulnerabilities in the web-based management interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system. To exploit these vulnerabilities, the attacker must have valid device...

8.8 CVSS

8.9 AI Score

0.001 EPSS

2023-11-01 06:15 PM
37
nessus

Patch Management: SCCM Report

This plugin parses the patch information from the SCCM server provided in order to determine if the system scanned is managed by the SCCM server. If so, the plugin then determines which patches are missing from the target system. This plugin will use the information provided from the SCCM server...

2.1 AI Score

2012-03-01 12:00 AM
13
vulnrichment

CVE-2024-37679

Cross Site Scripting vulnerability in Hangzhou Meisoft Information Technology Co., Ltd. Finesoft v.8.0 and before allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp...

7.2 AI Score

0.0005 EPSS

2024-06-24 12:00 AM
2
cve

CVE-2023-32333

IBM Maximo Asset Management 7.6.1.3 could allow a remote attacker to log into the admin panel due to improper access controls. IBM X-Force ID: ...

9.8 CVSS

8.9 AI Score

0.001 EPSS

2024-02-02 02:15 AM
24
nessus

Symantec Management Console Installed

The Symantec Management Console is installed on the remote Windows host, which is a part of Symantec Management...

1.2 AI Score

2017-08-04 12:00 AM
13
githubexploit

Exploit for Insertion of Sensitive Information into Log File in Milesight Ur5X Firmware

CVE-2023-43261 - PoC Critical Vulnerability Exposes...

7.5 CVSS

7.9 AI Score

0.007 EPSS

2023-09-28 08:45 AM
123
vulnrichment

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

8.3 AI Score

0.0004 EPSS

2024-06-17 12:00 AM
3
nessus

Intel Management Engine Active Management Technology (AMT) Remote Access Enabled

The Intel Management Engine on the remote host has Active Management Technology (AMT) enabled, and is remotely...

1.4 AI Score

2018-01-12 12:00 AM
13
cvelist

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

0.0004 EPSS

2024-06-17 12:00 AM
2
cvelist

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

0.0004 EPSS

2024-06-17 12:00 AM
3
nessus

ForgeRock Access Management Detection

ForgeRock Access Management, also known as OpenAM, was detected on the remote...

2.4 AI Score

2021-07-02 12:00 AM
11
f5

K000138460: Multiple MySQL vulnerabilities

Security Advisory Description CVE-2024-20960 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: RAPID). Supported versions that are affected are 8.0.35 and prior and 8.2.0 and prior. Easily exploitable vulnerability allows low privileged attacker with network access...

6.5 CVSS

6.1 AI Score

0.001 EPSS

2024-02-02 12:00 AM
19
ibm

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-22353)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the openidConnectClient-1.0 or socialLogin-1.0 feature enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz...

7.5 CVSS

7.9 AI Score

0.0004 EPSS

2024-05-08 06:02 AM
7
github

Plone CMS Improper Session Management

Plone CMS before 3 places a base64 encoded form of the username and password in the __ac cookie for all user accounts, which makes it easier for remote attackers to obtain access by sniffing the...

7.3 AI Score

0.011 EPSS

2022-05-01 11:39 PM
1
wpvulndb

Newsletter - API v1 and v2 addon for Newsletter < 2.4.6 - Missing Authorization to Email Subscribers Management

Description The Newsletter - API v1 and v2 addon plugin for WordPress is vulnerable to unauthorized subscribers management due to PHP type juggling issue on the check_api_key function in all versions up to, and including, 2.4.5. This makes it possible for unauthenticated attackers to list, create.....

6.5 CVSS

6.9 AI Score

0.0005 EPSS

2024-06-11 12:00 AM
3
nessus

Open Access Management Detection

Open Access Management (OpenAM), was detected on the remote...

1.6 AI Score

2021-07-29 12:00 AM
8
cvelist

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

0.0005 EPSS

2024-06-24 12:00 AM
vulnrichment

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

6.7 AI Score

0.0005 EPSS

2024-06-24 12:00 AM
1
nvd

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

6.1 CVSS

0.0005 EPSS

2024-06-24 07:15 PM
2
osv

CVE-2022-41914

Zulip is an open-source team collaboration tool. For organizations with System for Cross-domain Identity Management(SCIM) account management enabled, Zulip Server 5.0 through 5.6 checked the SCIM bearer token using a comparator that did not run in constant time. Therefore, it might theoretically...

3.7 CVSS

6.7 AI Score

0.001 EPSS

2022-11-16 08:15 PM
4
ibm

Security Bulletin: The IBM® Engineering Lifecycle Engineering product using IBM WebSphere Application Server Liberty is vulnerable to a denial of service (CVE-2024-27268)

Summary IBM WebSphere Application Server Liberty is vulnerable to a denial of service with the servlet-3.1, servlet-4.0, servlet-5.0, or servlet-6.0 feature with the HTTP/2 protocol enabled. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been...

5.9 CVSS

6.5 AI Score

0.0004 EPSS

2024-05-08 06:03 AM
6
cve

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

6.1 CVSS

6.5 AI Score

0.0005 EPSS

2024-06-24 07:15 PM
23
f5

K000140188: PostgreSQL vulnerability CVE-2024-0985

Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...

8 CVSS

8.1 AI Score

0.001 EPSS

2024-06-28 12:00 AM
3
openbugbounty

co-free.julius-kuehn.de Cross Site Scripting vulnerability OBB-3870099

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2 AI Score

2024-03-12 08:19 PM
9
f5

K000140189: Linux kernel vulnerability CVE-2021-47572

Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....

5.5 CVSS

6.4 AI Score

0.0004 EPSS

2024-06-28 12:00 AM
ibm

Security Bulletin: IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service (CVE-2024-25026)

Summary IBM WebSphere Application Server shipped with Jazz for Service Management (JazzSM) is vulnerable to a denial of service. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected Product(s)| Version(s) ---|---...

5.9 CVSS

5.7 AI Score

0.0004 EPSS

2024-05-10 11:38 AM
13
nessus

Oracle Business Process Management Installed

Oracle Business Process Management, a tool for managing business processes, is installed on the remote...

1 AI Score

2020-05-21 12:00 AM
10
nessus

Pivotal RabbitMQ Management Plugin Detection

Pivotal RabbitMQ server with the Management plugin is running on the remote host. RabbitMQ is a message broker application that uses AMQP for communications, and the Management plugin uses HTTP for managing the...

0.8 AI Score

2017-05-19 12:00 AM
24
cvelist

CVE-2024-1313 Users outside an organization can delete a snapshot with its key

It is possible for a user in a different organization from the owner of a snapshot to bypass authorization and delete a snapshot by issuing a DELETE request to /api/snapshots/ using its view key. This functionality is intended to only be available to individuals with the permission to write/edit...

6.5 CVSS

6.7 AI Score

0.0004 EPSS

2024-03-26 05:24 PM
2
nessus

Cisco Energy Management Web Detection

Cisco Energy Management, a power management solution for IT assets, was detected based on the web...

2.1 AI Score

2019-09-09 12:00 AM
7
nessus

Oracle Business Transaction Management Detection

The remote web server hosts Oracle Business Transaction Management, a transaction management system that is used for tracking the flow of transactions across IT...

2.3 AI Score

2014-10-31 12:00 AM
9
github

OpenStack Identity Keystone Improper Privilege Management

OpenStack Identity (Keystone) before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same...

7.1 AI Score

0.003 EPSS

2022-05-13 01:26 AM
1
nessus

CyberPower PowerPanel Business Management Detection

The CyberPower PowerPanel Business Management, a power management application, is running on the remote...

7 AI Score

2023-07-24 12:00 AM
7
nessus

Dell Wyse Management Suite Installed

Dell Wyse Management Suite, a solution for managing Dell endpoints, is installed on the remote...

1 AI Score

2021-01-07 12:00 AM
8
nessus

SonicWALL Universal Management Suite Detection

SonicWALL Universal Management Suite is running on the remote host. This typically indicates that Dell SonicWALL Global Management System (GMS) / Analyzer is also...

7.1 AI Score

2016-08-15 12:00 AM
10
nessus

Patch Management: Symantec Altiris Report

This plugin uses the missing patch information and host information retrieved from the Symantec Altiris database to generate a report summarizing the system. If the system is not managed, the report will indicate as...

0.4 AI Score

2014-10-06 12:00 AM
15
nessus

Patch Management: Symantec Altiris Settings

This plugin initializes the Symantec Altiris server settings as set by the user. To set the settings, edit your scan policy and go to the section 'Preferences'. This does not connect to the target...

0.8 AI Score

2014-10-06 12:00 AM
7
nessus

Patch Management: SCCM Server Settings

This plugin initializes the SCCM server credentials as set by the user. To set the credentials, edit your scan policy and go to the section 'Credentials'. This plugin does not connect to the target...

0.9 AI Score

2011-12-06 12:00 AM
14
osv

Malicious code in ing-feat-grants-management (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (221a8c8dc0ff1aa5360d2c6a5cf5879024000e3626e73c22bcc1990fd6408278) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7.2 AI Score

2024-05-04 04:56 AM
4
cvelist

CVE-2024-29033 GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace

OAuthenticator provides plugins for JupyterHub to use common OAuth providers, as well as base classes for writing one's own Authenticators with any OAuth 2.0 provider. GoogleOAuthenticator.hosted_domain is used to restrict what Google accounts can be authorized access to a JupyterHub. The...

7.5 CVSS

7.6 AI Score

0.0004 EPSS

2024-03-20 08:36 PM
cve

CVE-2023-48788

An improper neutralization of special elements used in an sql command ('sql injection') in Fortinet FortiClientEMS version 7.2.0 through 7.2.2, FortiClientEMS 7.0.1 through 7.0.10 allows attacker to execute unauthorized code or commands via specially crafted...

9.8 CVSS

9.7 AI Score

0.711 EPSS

2024-03-12 03:15 PM
137
In Wild
Total number of security vulnerabilities: 143848