#auth

Netman 204 version 4.05 suffers from remote SQL injection and unauthenticated password reset vulnerabilities.

Elaine's Realtime CRM Automation version 6.18.17 suffers from a cross site scripting vulnerability.

PHP ACRSS version 1.0 suffers from a cross site request forgery vulnerability.

Reservation Management System version 1.0 suffers from a backup disclosure vulnerability.

Rail Pass Management System version 1.0 suffers from an ignored default credential vulnerability.

PreSchool Enrollment System version 1.0 suffers from an ignored default credential vulnerability.

PHP SPM version 1.0 suffers from a cross site request forgery vulnerability.

Telegram now shares users’ IP addresses and phone numbers with authorities after valid legal requests. This policy change…

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dover Fueling Solutions (DFS) Equipment: ProGauge MAGLINK LX CONSOLE Vulnerabilities: Command Injection, Improper Privilege Management, Use of Hard-coded Password, Cross-site Scripting, Authentication Bypass Using an Alternate Path or Channel 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow a remote attacker to gain full control of the system. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Dover Fueling Solutions ProGauge MAGLINK LX CONSOLE, tank gauge consoles, are affected: ProGauge MAGLINK LX CONSOLE: Versions 3.4.2.2.6 and prior ProGauge MAGLINK LX4 CONSOLE: Versions 4.17.9e and prior 3.2 Vulnerability Overview 3.2.1 Command Injection CWE-77 A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE IP sub-menu can allow a remote attacker to inject arbitrary commands. CVE-2024-45066 has been assigned to this vulnerab...

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Moxa Equipment: MXview One, MXview One Central Manager Series Vulnerabilities: Cleartext Storage In A File or On Disk, Path Traversal, Time-of-Check Time-of-Use Race Condition 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to expose local credentials and write arbitrary files to the system, resulting in execution of malicious code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following Moxa products are affected: MXview One Series: Versions 1.4.0 and prior MXview One Central Manager Series: Version 1.0.0 3.2 Vulnerability Overview 3.2.1 CLEARTEXT STORAGE IN A FILE OR ON DISK CWE-313 The configuration file stores credentials in cleartext. An attacker with local access rights can read or modify the configuration file, potentially resulting in the service being abused because of sensitive information exposure. CVE-2024-6785 has been assign...