Page 15 of 5131 results (0.386 seconds)

CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0

An unauthenticated attacker with access to the local network of the medical office can use known default credentials to gain remote DBA access to the Elefant Firebird database. ... Un atacante no autenticado con acceso a la red local del consultorio médico puede utilizar credenciales predeterminadas conocidas para obtener acceso remoto de administrador de base de datos a la base de datos Firebird de Elefant. ... HASOMED Elefant versions prior to 24.04.00 and Elefant Software Updater versions prior to 1.4.2.1811 suffer from having an unprotected exposed firebird database, unprotected FHIR API, multiple local privilege escalation, and hardcoded service password vulnerabilities. • https://hasomed.de/produkte/elefant https://r.sec-consult.com/hasomed • CWE-419: Unprotected Primary Channel CWE-1393: Use of Default Password •

CVSS: 6.5EPSS: 0%CPEs: -EXPL: 0

An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH v2.0.0 to v2.4.2 allows attackers to escalate privileges and access sensitive information via manipulation of the Nginx configuration file. An Improper Authorization (Access Control Misconfiguration) vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality. • http://mgt-commerce.com https://github.com/EagleTube/CloudPanel/tree/main/CVE-2024-44765 • CWE-863: Incorrect Authorization •

CVSS: 8.8EPSS: 0%CPEs: -EXPL: 0

An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. • https://gist.github.com/haruki3hhh/bd228e6dcaf8c18140e1074964912b39 https://github.com/bytecodealliance/wasm-micro-runtime/issues/3122 https://github.com/bytecodealliance/wasm-micro-runtime/pull/3126 • CWE-125: Out-of-bounds Read •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

An incorrect access control issue in Life: Personal Diary, Journal android app 17.5.0 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. • https://play.google.com/store/apps/details?id=com.hitbytes.minidiarynotes https://zzzxiin.github.io/post/life-personal-diary •

CVSS: 6.1EPSS: 0%CPEs: -EXPL: 0

An incorrect access control issue in HomeServe Home Repair' android app - 3.3.4 allows a physically proximate attacker to escalate privileges via the fingerprint authentication function. • http://homeserve.com https://apkpure.com/homeserve-home-repair/com.homeserveapp.homeserve https://zzzxiin.github.io/post/homeserve •