An attacker with access to the project file could use the exposed
credentials to impersonate users, escalate privileges, or gain
unauthorized access to systems and services. The absence of robust
e
An unauthenticated attacker can trick a local user into executing arbitrary commands by opening a deliberately manipulated project file with an affected engineering tool. These arbitrary commands are
Sensitive data could be exposed to non- privileged users in a configuration file. Local access to the computer with a low- privileged account is required to access the configuration file containing t
Cleartext Storage of Sensitive Information Vulnerability in GX Works2 all versions allows an attacker to disclose credential information stored in plaintext from project files. As a result, the attack
CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and
arbitrary code execution when a privileged engineer user with console access modifies a configurat
Successful exploitation of this vulnerability could allow an attacker to gain unauthorized access to sensitive information.
A privilege escalation vulnerability exists in the affected products which could allow a malicious user with basic privileges to access functions which should only be available to users with administr
ProcessMaker 3.5.4 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting improper path traversal validation. Attackers can send requ
CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability exists that could cause unauthorized access to sensitive files when an authenticated attackers uses
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WIN_DCA_2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged so
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*
A vulnerability in the AdminServer component of OpenEdge on all supported platforms grants its authenticated users OS-level access to the server
through the adopted authority of the AdminServer proces
Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromisedThis issue affects ASPECT-Enterprise: through 3.*
An unauthenticated remote attacker can access a configuration file containing database credentials. This can result in a some loss of confidentiality, but there is no endpoint exposed to use these cre
There are several scripts in the web interface that are accessible via undocumented hard-coded credentials. The scripts provide access to additional administrative/debug functionality and are likely i
An attacker with authenticated and privileged access could modify the contents of a non-sensitive file by traversing the path in the limited shell of the CLI. This security issue has been fixed in the
A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, remote attacker to bypass the authorization mechanisms for specific file management functions.
This
An unauthenticated remote attacker can use hard-coded credentials to gain full administration privileges on the affected product.
The vulnerability, if exploited, could allow an authenticated miscreant
(with privilege of "aaConfigTools") to tamper with App Objects' help
files and persist a cross-site scripting (XSS) injection
Prior to version 25.4.270.0, a local authenticated attacker can manipulate user profile files to add illegitimate challenge response codes into the local user registry under certain conditions. This a
Page 1+ Next →