Password Storage Application v1.0 was discovered to contain a cross-site scripting (XSS) vulnerability via the Setup page.

Password recovery vulnerability in SICK SIM2x00 (ARM) Partnumber 10926902 with firmware version 1.2.0 as soon as possible.

An access control issue in the password reset page of IP-COM EW9 V15.11.0.14(9732) allows unauthenticated attackers to arbitrarily change the admin password.

DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery (CSRF) which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords.

Password recovery vulnerability in SICK SIM1012 Partnumber 1098146 with firmware version = 2.2.0 as soon as possible.

Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture.

In JetBrains TeamCity version before 2022.10, Password parameters could be exposed in the build log if they contained special characters.

An issue was discovered in OpenStack Sushy-Tools through 0.21.0 and VirtualBMC through 2.2.2. Changing the boot device configuration with these packages removes password protection from the managed libvirt XML domain. NOTE: this only affects an "unsupported, production-like configuration."

Plesk Obsidian allows a CSRF attack, e.g., via the /api/v2/cli/commands REST API to change an Admin password. NOTE: Obsidian is a specific version of the Plesk product: version numbers were used through version 12, and then the convention was changed so that versions are identified by names ("Obsidian"), not numbers.