Search Results | AttackerKB

96 Total Results

Displaying 1-10 of 96

Attacker Value

Unknown

CVE-2024-46918

Disclosure Date: September 15, 2024 (last updated September 21, 2024)

app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org.

Attacker Value

Unknown

CVE-2024-45509

Disclosure Date: September 01, 2024 (last updated September 05, 2024)

In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2024-25675

Disclosure Date: February 09, 2024 (last updated February 13, 2024)

An issue was discovered in MISP before 2.4.184. A client does not need to use POST to start an export generation process. This is related to app/Controller/JobsController.php and app/View/Events/export.ctp.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2024-25674

Disclosure Date: February 09, 2024 (last updated February 13, 2024)

An issue was discovered in MISP before 2.4.184. Organisation logo upload is insecure because of a lack of checks for the file extension and MIME type.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2023-50918

Disclosure Date: December 15, 2023 (last updated December 20, 2023)

app/Controller/AuditLogsController.php in MISP before 2.4.182 mishandles ACLs for audit logs.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2023-49926

Disclosure Date: December 03, 2023 (last updated December 07, 2023)

app/Lib/Tools/EventTimelineTool.php in MISP before 2.4.179 allows XSS in the event timeline widget.

Attack Vector: Network Privileges: None User Interaction: Required

Attacker Value

Unknown

CVE-2023-48659

Disclosure Date: November 17, 2023 (last updated November 23, 2023)

An issue was discovered in MISP before 2.4.176. app/Controller/AppController.php mishandles parameter parsing.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2023-48658

Disclosure Date: November 17, 2023 (last updated November 23, 2023)

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php lacks a checkParam function for alphanumerics, underscore, dash, period, and space.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2023-48657

Disclosure Date: November 17, 2023 (last updated January 10, 2024)

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles filters.

Attack Vector: Network Privileges: None User Interaction: None

Attacker Value

Unknown

CVE-2023-48656

Disclosure Date: November 17, 2023 (last updated January 10, 2024)

An issue was discovered in MISP before 2.4.176. app/Model/AppModel.php mishandles order clauses.

Attack Vector: Network Privileges: None User Interaction: None

96 Total Results

Displaying 1-10 of 96

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Unknown

Quick Cookie Notification