CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

12 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions. The Caret Country Access Limit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. • https://patchstack.com/database/vulnerability/caret-country-access-limit/wordpress-caret-country-access-limit-plugin-1-0-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. When a component is run as an argument of the runpicEhealth executable, the script code will be executed as the ehealth user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-269: Improper Privilege Management •

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is run. The code in the library will be executed as the root user. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-426: Untrusted Search Path •

CVSS: 5.4 • EPSS: 0% • CPEs: 1 • EXPL: 1

26 Mar 2021 — CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and ... • https://n4nj0.github.io/advisories/ca-ehealth-performance-manager • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3 • EPSS: 1% • CPEs: 6 • EXPL: 0

24 May 2019 — A UI redress vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x may allow a remote attacker to gain sensitive information in some cases. • http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html • CWE-1021: Improper Restriction of Rendered UI Layers or Frames •

CVSS: 8.8 • EPSS: 2% • CPEs: 6 • EXPL: 0

24 May 2019 — A privilege escalation vulnerability in the administrative user interface of CA Technologies CA Strong Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 7.1.x and CA Risk Authentication 9.0.x, 8.2.x, 8.1.x, 8.0.x, 3.1.x allows an authenticated attacker to gain additional privileges in some cases where an account has customized and limited privileges. • http://packetstormsecurity.com/files/153089/CA-Risk-Strong-Authentication-Privilege-Escalation.html • CWE-269: Improper Privilege Management •

CVSS: 7.5 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Jan 2019 — CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to access survey information. CA Technologies Support is alerting customers to multiple potential risks with CA Service Desk Manager. Multiple vulnerabilities exist that can allow a remote attacker to access sensitive information or possibly gain addition... • http://www.securityfocus.com/bid/106689 • CWE-284: Improper Access Control •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

21 Jan 2019 — CA Service Desk Manager 14.1 and 17 contain a vulnerability that can allow a malicious actor to escalate privileges in the user interface. CA Technologies Support is alerting customers to multiple potential risks with CA Service Desk Manager. Multiple vulnerabilities exist that can allow a remote attacker to access sensitive information or p... • http://www.securityfocus.com/bid/106689 • CWE-269: Improper Privilege Management •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

30 Aug 2018 — A hardcoded secret key, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is runnin... • http://www.securityfocus.com/bid/105199 • CWE-798: Use of Hard-coded Credentials •

CVSS: 7.5 • EPSS: 0% • CPEs: 3 • EXPL: 0

30 Aug 2018 — A hardcoded passphrase, in CA Unified Infrastructure Management 8.5.1, 8.5, and 8.4.7, allows attackers to access sensitive information. CA Technologies Support is alerting customers to multiple potential risks with CA Unified Infrastructure Management. Multiple vulnerabilities exist that can allow an attacker, who has access to the network on which CA UIM is ... • http://www.securityfocus.com/bid/105199 • CWE-798: Use of Hard-coded Credentials •