Log files uploaded during troubleshooting by the Harmony SASE agent may have been accessible to unauthorized parties.
The /log endpoint on a Juju controller lacked sufficient authorization checks, allowing unauthorized users to access debug messages that could contain sensitive information.
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 v3.90. The component affected by this issue is /upload_sysconfig.php on the web interface. By crafting a suitable form nam
autMan v2.9.6 was discovered to contain an access control issue.
A vulnerability has been identified in SIMATIC CP 1543-1 V4.0 (6GK7543-1AX10-0XE0) (All versions >= V4.0.44 < V4.0.50). Affected devices do not properly handle authorization. This could allow an unaut
Incorrect access control in BYD QIN PLUS DM-i Dilink OS 3.0_13.1.7.2204050.1 allows unauthorized attackers to access system logcat logs.
Exposure of Sensitive Information to an Unauthorized Actor (CWE-200) in the diagnostic dump component in AxxonSoft Axxon One VMS (C-Werk) 2.0.0 through 2.0.1 on Windows allows a local attacker to obta
A remote unauthorized attacker may gather sensitive information of the application, due to missing authorization of configuration settings of the product.
Affected devices do not properly sanitize contents of trace files.
This could allow an attacker to inject code through social engineering an authorized user, who has the function right "Read diagno
An issue in EQUES com.eques.plug 1.0.1 allows a remote attacker to obtain sensitive information via the firmware update process.
A vulnerability in FileStation file cgi allows remote authenticated users to read file metadata and path information.
Files or directories accessible to external parties issue exists in SS1 Ver.16.0.0.10 and earlier (Media version:16.0.0a and earlier). If exploited, uploaded files and SS1 configuration files may be a
A vulnerability was found in feng_ha_ha/megagao ssm-erp and production_ssm up to 0.0.1. It has been classified as critical. This affects the function uploadFile of the file src/main/java/com/megagao/p
An issue was discovered in Logpoint before 7.5.0. An endpoint used by Distributed Logpoint Setup was exposed, allowing unauthenticated attackers to bypass CSRF protections and authentication.
A vulnerability in portenable cgi allows remote authenticated users to get the status of installed packages.
Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series
v3.08.01
; MATRIX Series
v3.08.01 allows Attacker to execute arbitrary code remotely
A vulnerability was found in Raisecom MSG1200, MSG2100E, MSG2200, and MSG2300 3.90. The component affected by this issue is /upload_netaction.php on the web interface. By crafting a suitable form name
An issue was discovered in Logpoint before 7.5.0. Endpoints for creating, editing, or deleting third-party authentication modules lacked proper authorization checks. This allowed unauthenticated users
UnForm Server Manager versions prior to 10.1.12 expose an unauthenticated file read vulnerability via its log file analysis interface. The flaw resides in the arc endpoint, which accepts a fl paramete
Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.
Page 1+ Next →