CVE-2021-30651
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. Zafiyet ile…
A malicious authenticated SMG administrator user can obtain passwords for external LDAP/Active Directory servers that they might not otherwise be authorized to access. Zafiyet ile…
LRM utilizes elevated privileges. An unauthenticated malicious actor can upload and execute code remotely at the operating system level, which can allow an attacker to…
LRM contains a directory traversal vulnerability that can allow a malicious actor to upload outside the intended directory structure. Zafiyet ile ilgili Genel Bilgi, Etki…
LRM does not restrict the types of files that can be uploaded to the affected product. A malicious actor can upload any file type, including…
LRM does not implement authentication or authorization by default. A malicious actor can inject, replay, modify, and/or intercept sensitive data. Zafiyet ile ilgili Genel Bilgi,…
LRM version 2.4 and lower does not implement TLS encryption. A malicious actor can MITM attack sensitive data in-transit, including credentials. Zafiyet ile ilgili Genel…
The default password for the web application’s root user (the vendor’s private account) was weak and the MD5 hash was used to crack the password…
Client-side JavaScript controls may be bypassed by directly running a JS function to reboot the PLC (e.g., from the browser console) or by loading the…
Weak default root user credentials allow remote attackers to easily obtain OS superuser privileges over the open TCP port for SSH. Zafiyet ile ilgili Genel…
The tested version of Dominion Voting Systems ImageCast X does not validate application signatures to a trusted root certificate. Use of a trusted root certificate…