When running in prototype mode, the h2 webconsole module (accessible from the Prototype menu) is automatically made available with the ability to directly query the database. The PassWork extension 5.0.9 for Chrome and other browsers allows an attacker to obtain the cleartext master password. A missing authentication for a critical function vulnerability in Fortinet FortiSOAR 6.4.0 - 6.4.4 and 7.0.0 - 7.0.3 and 7.2.0 allows an attacker to disclose information via logging into the database using a privileged account without a password. Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page. Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection. An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password. DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords. Zoho ManageEngine Password Manager Pro before 12122, PAM360 before 5711, and Access Manager Plus before 4306 allow SQL Injection (in a different software component relative to CVE-2022-43671). This could be abused to spoof the URL in password-reset e-mail messages. The Docker image of ownCloud Server through 10.11 contains a misconfiguration that renders the trusted_domains config useless. Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 10926902 with firmware version 1.2.0 as soon as possible. Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version = 2.2.0 as soon as possible. The impact could vary depending on the system libraries, compiler, and processor architecture. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer.
Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. NOTE: this only affects an "unsupported, production-like configuration." Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters. An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers. Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password.