Total
163 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-28365 | 1 Reprisesoftware | 1 Reprise License Manager | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Reprise License Manager 14.2 is affected by an Information Disclosure vulnerability via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture, and file/directory details. | |||||
| CVE-2022-26159 | 1 Ametys | 1 Ametys | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords. | |||||
| CVE-2022-36158 | 1 Contec | 8 Fxa2000, Fxa2000 Firmware, Fxa3000 and 5 more | 2023-08-08 | N/A | 8.0 HIGH |
| Contec FXA3200 version 1.13.00 and under suffers from Insecure Permissions in the Wireless LAN Manager interface which allows malicious actors to execute Linux commands with root privilege via a hidden web page (/usr/www/ja/mnt_cmd.cgi). | |||||
| CVE-2022-28991 | 1 Bdtask | 1 Multi Store Inventory Management System | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| Multi Store Inventory Management System v1.0 was discovered to contain an information disclosure vulnerability which allows attackers to access sensitive files. | |||||
| CVE-2022-34572 | 1 Wavlink | 1 Wifi-repeater Firmware | 2023-08-08 | N/A | 5.7 MEDIUM |
| An access control issue in Wavlink WiFi-Repeater RPTA2-77W.M4300.01.GD.2017Sep19 allows attackers to obtain the telnet password via accessing the page tftp.txt. | |||||
| CVE-2021-26085 | 1 Atlassian | 2 Confluence Data Center, Confluence Server | 2023-08-08 | 5.0 MEDIUM | 5.3 MEDIUM |
| Affected versions of Atlassian Confluence Server allow remote attackers to view restricted resources via a Pre-Authorization Arbitrary File Read vulnerability in the /s/ endpoint. The affected versions are before version 7.4.10, and from version 7.5.0 before 7.12.3. | |||||
| CVE-2021-30144 | 1 Glpi-project | 1 Dashboard | 2023-08-08 | 4.0 MEDIUM | 4.3 MEDIUM |
| The Dashboard plugin through 1.0.2 for GLPI allows remote low-privileged users to bypass access control on viewing information about the last ten events, the connected users, and the users in the tech category. For example, plugins/dashboard/front/main2.php can be used. | |||||
| CVE-2022-42238 | 1 Merchandise Online Store Project | 1 Merchandise Online Store | 2023-08-08 | N/A | 8.8 HIGH |
| A Vertical Privilege Escalation issue in Merchandise Online Store v.1.0 allows an attacker to get access to the admin dashboard. | |||||
| CVE-2022-42197 | 1 Simple Exam Reviewer Management System Project | 1 Simple Exam Reviewer Management System | 2023-08-08 | N/A | 6.5 MEDIUM |
| In Simple Exam Reviewer Management System v1.0 the User List function has improper access control that allows low privileged users to modify user permissions to higher privileges. | |||||
| CVE-2022-31847 | 1 Wavlink | 2 Wn579x3, Wn579x3 Firmware | 2023-08-08 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability in /cgi-bin/ExportAllSettings.sh of WAVLINK WN579 X3 M79X3.V5030.180719 allows attackers to obtain sensitive router information via a crafted POST request. | |||||
| CVE-2022-27480 | 1 Siemens | 4 Sicam A8000 Cp-8031, Sicam A8000 Cp-8031 Firmware, Sicam A8000 Cp-8050 and 1 more | 2023-07-18 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability has been identified in SICAM A8000 CP-8031 (All versions < V4.80), SICAM A8000 CP-8050 (All versions < V4.80). Affected devices do not require an user to be authenticated to access certain files. This could allow unauthenticated attackers to download these files. | |||||
| CVE-2015-1313 | 1 Jetbrains | 1 Teamcity | 2023-07-06 | N/A | 6.5 MEDIUM |
| JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | |||||
| CVE-2022-1077 | 1 Tem | 4 Flex-1080, Flex-1080 Firmware, Flex-1085 and 1 more | 2023-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. | |||||
| CVE-2019-14347 | 1 Schben | 1 Adive | 2023-03-03 | 6.5 MEDIUM | 8.8 HIGH |
| Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | |||||
| CVE-2018-0140 | 1 Cisco | 19 Content Security Management Appliance, Content Security Management Appliance Sma M190, Content Security Management Appliance Sma M390 and 16 more | 2023-02-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. | |||||
| CVE-2020-35570 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2023-02-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. | |||||
| CVE-2022-28799 | 1 Tiktok | 1 Tiktok | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. | |||||
| CVE-2021-24695 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2022-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames | |||||
| CVE-2022-41746 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-10-11 | N/A | 9.1 CRITICAL |
| A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. | |||||
| CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2022-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | |||||