Total
2377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6578 | 1 Softwareag | 1 Webmethods | 2024-05-17 | 7.5 HIGH | 6.5 MEDIUM |
| A vulnerability classified as critical has been found in Software AG WebMethods 10.11.x/10.15.x. Affected is an unknown function of the file wm.server/connect/. The manipulation leads to improper access controls. It is possible to launch the attack remotely. To access a file like /assets/ a popup may request username and password. By just clicking CANCEL you will be redirected to the directory. If you visited /invoke/wm.server/connect, you'll be able to see details like internal IPs, ports, and versions. In some cases if access to /assets/ is refused, you may enter /assets/x as a wrong value, then come back to /assets/ which we will show the requested data. It appears that insufficient access control is depending on referrer header data. VDB-247158 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-5916 | 1 Dashy | 1 Dashy | 2024-05-17 | 4.0 MEDIUM | 4.3 MEDIUM |
| A vulnerability classified as critical has been found in Lissy93 Dashy 2.1.1. This affects an unknown part of the file /config-manager/save of the component Configuration Handler. The manipulation of the argument config leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-244305 was assigned to this vulnerability. | |||||
| CVE-2023-4546 | 1 Byzoro | 1 Smart S85f Management Platform | 2024-05-17 | 2.7 LOW | 6.5 MEDIUM |
| A vulnerability was found in Byzoro Smart S85F Management Platform up to 20230816. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /sysmanage/licence.php. The manipulation leads to improper access controls. The exploit has been disclosed to the public and may be used. The identifier VDB-238057 was assigned to this vulnerability. | |||||
| CVE-2023-4183 | 1 Inventory Management System Project | 1 Inventory Management System | 2024-05-17 | 4.0 MEDIUM | 9.8 CRITICAL |
| A vulnerability has been found in SourceCodester Inventory Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file edit_update.php of the component Password Handler. The manipulation of the argument user_id leads to improper access controls. The attack can be initiated remotely. VDB-236218 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-4169 | 1 Ruijie | 2 Rg-ew1200g, Rg-ew1200g Firmware | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in Ruijie RG-EW1200G 1.0(1)B1P5. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /api/sys/set_passwd of the component Administrator Password Handler. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-236185 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3786 | 1 Aures | 2 Komet, Komet Firmware | 2024-05-17 | 4.6 MEDIUM | 6.8 MEDIUM |
| A vulnerability classified as problematic has been found in Aures Komet up to 20230509. This affects an unknown part of the component Kiosk Mode. The manipulation leads to improper access controls. It is possible to launch the attack on the physical device. The exploit has been disclosed to the public and may be used. The identifier VDB-235053 was assigned to this vulnerability. | |||||
| CVE-2023-3306 | 1 Ruijie | 2 Rg-ew1200g, Rg-ew1200g Firmware | 2024-05-17 | 7.5 HIGH | 9.8 CRITICAL |
| A vulnerability was found in Ruijie RG-EW1200G EW_3.0(1)B11P204. It has been declared as critical. This vulnerability affects unknown code of the file app.09df2a9e44ab48766f5f.js of the component Admin Password Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-231802 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3305 | 1 Cdatatec | 1 Web Management System | 2024-05-17 | 7.5 HIGH | 7.5 HIGH |
| A vulnerability was found in C-DATA Web Management System up to 20230607. It has been classified as critical. This affects an unknown part of the file /cgi-bin/jumpto.php?class=user&page=config_save&isphp=1 of the component User Creation Handler. The manipulation of the argument user/newpassword leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-231801 was assigned to this vulnerability. | |||||
| CVE-2023-3099 | 1 Ubuntukylin | 1 Youker-assistant | 2024-05-17 | 3.2 LOW | 7.1 HIGH |
| A vulnerability classified as critical was found in KylinSoft youker-assistant on KylinOS. Affected by this vulnerability is the function delete_file in the library dbus.SystemBus of the component Arbitrary File Handler. The manipulation leads to improper access controls. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used. Upgrading to version 3.0.2-0kylin6k70-23 is able to address this issue. It is recommended to upgrade the affected component. The identifier VDB-230689 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3096 | 1 Kylinos | 1 Kylin-software-properties | 2024-05-17 | 4.3 MEDIUM | 7.8 HIGH |
| A vulnerability was found in KylinSoft kylin-software-properties on KylinOS. It has been declared as critical. This vulnerability affects the function changedSource. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. Upgrading to version 0.0.1-130 is able to address this issue. It is recommended to upgrade the affected component. VDB-230686 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-3018 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/?page=user/list. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-230362 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-2979 | 1 Abstrium | 1 Pydio Cells | 2024-05-17 | 5.8 MEDIUM | 8.8 HIGH |
| A vulnerability classified as critical has been found in Abstrium Pydio Cells 4.2.0. This affects an unknown part of the component User Creation Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. Upgrading to version 4.2.1 is able to address this issue. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230211. | |||||
| CVE-2023-2903 | 1 Nfine | 1 Nfine Rapid Development Platform | 2024-05-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability classified as problematic has been found in NFine Rapid Development Platform 20230511. This affects an unknown part of the file /SystemManage/Role/GetGridJson?keyword=&page=1&rows=20. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-229977 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2902 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-05-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /SystemManage/Organize/GetTreeGridJson?_search=false&nd=1681813520783&rows=10000&page=1&sidx=&sord=asc. The manipulation leads to improper access controls. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-229976. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2901 | 1 Nfine Rapid Development Platform Project | 1 Nfine Rapid Development Platform | 2024-05-17 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability was found in NFine Rapid Development Platform 20230511. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /SystemManage/User/GetGridJson?_search=false&nd=1680855479750&rows=50&page=1&sidx=F_CreatorTime+desc&sord=asc. The manipulation leads to improper access controls. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-229975. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2023-2670 | 1 Oretnom23 | 1 Lost And Found Information System | 2024-05-17 | 6.5 MEDIUM | 8.8 HIGH |
| A vulnerability was found in SourceCodester Lost and Found Information System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/?page=user/manage_user. The manipulation leads to improper access controls. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-228886 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1557 | 1 E-commerce System Project | 1 E-commerce System | 2024-05-17 | 6.5 MEDIUM | 9.8 CRITICAL |
| A vulnerability was found in SourceCodester E-Commerce System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /ecommerce/admin/user/controller.php?action=edit of the component Username Handler. The manipulation of the argument USERID leads to improper access controls. The attack may be launched remotely. VDB-223550 is the identifier assigned to this vulnerability. | |||||
| CVE-2023-1491 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-05-17 | 3.2 LOW | 5.5 MEDIUM |
| A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1. It has been classified as critical. This affects the function 0x220020 in the library MaxCryptMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The identifier VDB-223377 was assigned to this vulnerability. | |||||
| CVE-2023-1490 | 1 Maxpcsecure | 1 Anti Virus Plus | 2024-05-17 | 3.2 LOW | 5.5 MEDIUM |
| A vulnerability was found in Max Secure Anti Virus Plus 19.0.2.1 and classified as critical. Affected by this issue is the function 0x220020 in the library SDActMon.sys of the component IoControlCode Handler. The manipulation leads to improper access controls. An attack has to be approached locally. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-223376. | |||||
| CVE-2023-1489 | 1 Wisecleaner | 1 Wise System Monitor | 2024-05-17 | 6.8 MEDIUM | 7.8 HIGH |
| A vulnerability has been found in Lespeed WiseCleaner Wise System Monitor 1.5.3.54 and classified as critical. Affected by this vulnerability is the function 0x9C402088 in the library WiseHDInfo64.dll of the component IoControlCode Handler. The manipulation leads to improper access controls. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-223375. | |||||