Total
168 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-1313 | 1 Jetbrains | 1 Teamcity | 2023-07-06 | N/A | 6.5 MEDIUM |
| JetBrains TeamCity 8 and 9 before 9.0.2 allows bypass of account-creation restrictions via a crafted request because the required request data can be deduced by reading HTML and JavaScript files that are returned to the web browser after an initial unauthenticated request. | |||||
| CVE-2022-1077 | 1 Tem | 4 Flex-1080, Flex-1080 Firmware, Flex-1085 and 1 more | 2023-06-27 | 5.0 MEDIUM | 7.5 HIGH |
| A vulnerability was found in TEM FLEX-1080 and FLEX-1085 1.6.0. It has been declared as problematic. This vulnerability log.cgi of the component Log Handler. A direct request leads to information disclosure of hardware information. The attack can be initiated remotely and does not require any form of authentication. | |||||
| CVE-2019-14347 | 1 Schben | 1 Adive | 2023-03-03 | 6.5 MEDIUM | 8.8 HIGH |
| Internal/Views/addUsers.php in Schben Adive 2.0.7 allows remote unprivileged users (editor or developer) to create an administrator account via admin/user/add, as demonstrated by a Python PoC script. | |||||
| CVE-2018-0140 | 1 Cisco | 19 Content Security Management Appliance, Content Security Management Appliance Sma M190, Content Security Management Appliance Sma M390 and 16 more | 2023-02-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| A vulnerability in the spam quarantine of Cisco Email Security Appliance and Cisco Content Security Management Appliance could allow an authenticated, remote attacker to download any message from the spam quarantine by modifying browser string information. The vulnerability is due to a lack of verification of authenticated user accounts. An attacker could exploit this vulnerability by modifying browser strings to see messages submitted by other users to the spam quarantine within their company. Cisco Bug IDs: CSCvg39759, CSCvg42295. | |||||
| CVE-2020-35570 | 2 Helmholz, Mbconnectline | 4 Myrex24, Myrex24.virtual, Mbconnect24 and 1 more | 2023-02-16 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in MB connect line mymbCONNECT24, mbCONNECT24 and Helmholz myREX24 and myREX24.virtual through 2.11.2. An unauthenticated attacker is able to access files (that should have been restricted) via forceful browsing. | |||||
| CVE-2022-28799 | 1 Tiktok | 1 Tiktok | 2022-12-09 | 6.8 MEDIUM | 8.8 HIGH |
| The TikTok application before 23.7.3 for Android allows account takeover. A crafted URL (unvalidated deeplink) can force the com.zhiliaoapp.musically WebView to load an arbitrary website. This may allow an attacker to leverage an attached JavaScript interface for the takeover with one click. | |||||
| CVE-2021-24695 | 1 Tipsandtricks-hq | 1 Simple Download Monitor | 2022-11-09 | 5.0 MEDIUM | 7.5 HIGH |
| The Simple Download Monitor WordPress plugin before 3.9.6 saves logs in a predictable location, and does not have any authentication or authorisation in place to prevent unauthenticated users to download and read the logs containing Sensitive Information such as IP Addresses and Usernames | |||||
| CVE-2022-41746 | 2 Microsoft, Trendmicro | 2 Windows, Apex One | 2022-10-11 | N/A | 9.1 CRITICAL |
| A forced browsing vulnerability in Trend Micro Apex One could allow an attacker with access to the Apex One console on affected installations to escalate privileges and modify certain agent groupings. Please note: an attacker must first obtain the ability to log onto the Apex One web console in order to exploit this vulnerability. | |||||
| CVE-2021-46378 | 1 Dlink | 2 Dir-850l, Dir-850l Firmware | 2022-09-09 | 5.0 MEDIUM | 7.5 HIGH |
| DLink DIR850 ET850-1.08TRb03 is affected by an incorrect access control vulnerability through an unauthenticated remote configuration download. | |||||
| CVE-2022-2551 | 1 Snapcreek | 1 Duplicator | 2022-08-23 | N/A | 7.5 HIGH |
| The Duplicator WordPress plugin before 1.4.7 discloses the url of the a backup to unauthenticated visitors accessing the main installer endpoint of the plugin, if the installer script has been run once by an administrator, allowing download of the full site backup without authenticating. | |||||
| CVE-2022-2544 | 1 Wpmanageninja | 1 Ninja Job Board | 2022-08-23 | N/A | 7.5 HIGH |
| The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes. | |||||
| CVE-2022-2192 | 1 Hypr | 1 Hypr Server | 2022-07-27 | N/A | 8.8 HIGH |
| Forced Browsing vulnerability in HYPR Server version 6.10 to 6.15.1 allows remote attackers with a valid one-time recovery token to elevate privileges via path tampering in the Magic Link page. This issue affects: HYPR Server versions later than 6.10; version 6.15.1 and prior versions. | |||||
| CVE-2021-28150 | 1 Hongdian | 2 H8922, H8922 Firmware | 2022-07-12 | 2.1 LOW | 5.5 MEDIUM |
| Hongdian H8922 3.0.5 devices allow the unprivileged guest user to read cli.conf (with the administrator password and other sensitive data) via /backup2.cgi. | |||||
| CVE-2021-42671 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| An incorrect access control vulnerability exists in Sourcecodester Engineers Online Portal in PHP in nia_munoz_monitoring_system/admin/uploads. An attacker can leverage this vulnerability in order to bypass access controls and access all the files uploaded to the web server without the need of authentication or authorization. | |||||
| CVE-2021-36745 | 1 Trendmicro | 1 Serverprotect | 2022-07-12 | 10.0 HIGH | 9.8 CRITICAL |
| A vulnerability in Trend Micro ServerProtect for Storage 6.0, ServerProtect for EMC Celerra 5.8, ServerProtect for Network Appliance Filers 5.8, and ServerProtect for Microsoft Windows / Novell Netware 5.8 could allow a remote attacker to bypass authentication on affected installations. | |||||
| CVE-2021-36560 | 1 Phone Shop Sales Management System Project | 1 Phone Shop Sales Management System | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Phone Shop Sales Managements System using PHP with Source Code 1.0 is vulnerable to authentication bypass which leads to account takeover of the admin. | |||||
| CVE-2021-20114 | 1 Tecnick | 1 Tcexam | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which included sensitive database backup files. | |||||
| CVE-2020-24203 | 1 Projectworlds | 1 Travel Management System | 2022-07-12 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure File Permissions and Arbitrary File Upload in the upload pic function in updatesubcategory.php in Projects World Travel Management System v1.0 allows remote unauthenticated attackers to gain remote code execution. | |||||
| CVE-2021-40875 | 1 Gurock | 1 Testrail | 2022-07-12 | 5.0 MEDIUM | 7.5 HIGH |
| Improper Access Control in Gurock TestRail versions < 7.2.0.3014 resulted in sensitive information exposure. A threat actor can access the /files.md5 file on the client side of a Gurock TestRail application, disclosing a full list of application files and the corresponding file paths. The corresponding file paths can be tested, and in some cases, result in the disclosure of hardcoded credentials, API keys, or other sensitive data. | |||||
| CVE-2021-22180 | 1 Gitlab | 1 Gitlab | 2022-07-12 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting from 13.4. Improper access control allows unauthorized users to access details on analytic pages. | |||||