Check CVE Id
Check CWE Id
R&D Visions CMS - SQL Injection Vulnerability
Maintained By Web Smile India - SQL Injection Vulnerability
Design By Julyinfo. - SQL Injection Vulnerability
CVEMAP Search Results
Mate 20 RS smartphones with versions earlier than 126.96.36.199(C786E133R3P1) have an improper authorization vulnerability. The software does not properly restrict certain operation in ADB mode, successful exploit could allow the attacker to switch to third desktop after a series of operation.
Some Huawei home routers have an improper authorization vulnerability. Due to improper authorization of certain programs, an attacker can exploit this vulnerability to execute uploaded malicious files and escalate privilege.
On TCL Alcatel Cingular Flip 2 B9HUAH1 devices, PIN authentication can be bypassed by creating a special file within the /data/local/tmp/ directory. The System application that implements the lock screen checks for the existence of a specific file and disables PIN authentication if it exists. This file would typically be created via Android Debug Bridge (adb) over USB.
A vulnerability in the web management interface of Cisco AsyncOS Software for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to perform an unauthorized system reset on an affected device. The vulnerability is due to improper authorization controls for a specific URL in the web management interface. An attacker could exploit this vulnerability by sending a crafted HTTP request to an affected device. A successful exploit could have a twofold impact: the attacker could either change the administrator password, gaining privileged access, or reset the network configuration details, causing a denial of service (DoS) condition. In both scenarios, manual intervention is required to restore normal operations.
Cloudera CDH before 5.6.1 allows authorization bypass via direct internal API calls.
In Cloudera CDH before 5.7.1, Impala REVOKE ALL ON SERVER commands do not revoke all privileges.
Insufficient policy enforcement in service workers in Google Chrome prior to 78.0.3904.70 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
A flaw was discovered in ibus that allows any unprivileged user to monitor and send method calls to the ibus bus of another user due to a misconfiguration in the DBus server setup. A local attacker may use this flaw to intercept all keystrokes of a victim user who is using the graphical interface, change the input method engine, or modify other input related configurations of the victim user.
Kaspersky Protection extension for web browser Google Chrome prior to 188.8.131.52 was vulnerable to unauthorized access to its features remotely that could lead to removing other installed extensions.
oVirt users with MANIPULATE_STORAGE_DOMAIN permissions can attach a storage domain to any data-center
Back to Top