Search Results | AttackerKB

1,987 Total Results

Displaying 91-100 of 1,987

Attacker Value

Unknown

CVE-2022-30358

Disclosure Date: October 25, 2024 (last updated November 01, 2024)

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. Authentication is required.

Attacker Value

Unknown

CVE-2022-30357

Disclosure Date: October 25, 2024 (last updated November 01, 2024)

OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /profile/updateProfile via the userId and email parameters. Authentication is required.

Attack Vector: Network Privileges: Low User Interaction: None

Attacker Value

Unknown

CVE-2022-30356

Disclosure Date: October 25, 2024 (last updated November 01, 2024)

OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . Authentication is required with OE_ADMIN role privilege.

Attack Vector: Network Privileges: High User Interaction: None

Attacker Value

Unknown

CVE-2024-48904

Disclosure Date: October 22, 2024 (last updated October 23, 2024)

An command injection vulnerability in Trend Micro Cloud Edge could allow a remote attacker to execute arbitrary code on affected appliances. Please note: authentication is not required in order to exploit this vulnerability.