CVE-2022-1744

Applications on the tested version of Dominion Voting Systems ImageCast X can execute code with elevated privileges by exploiting a system level service. An attacker could leverage this vulnerability ...

CVE-2022-2102

Controls limiting uploads to certain file extensions may be bypassed. This could allow an attacker to intercept the initial file upload page response and modify the associated code. This modified code ...

CVE-2022-2103

An attacker with weak credentials could access the TCP port via an open FTP port, allowing an attacker to read sensitive files and write to remotely executable directories.

CVE-2022-2104

The www-data (Apache web server) account is configured to run sudo with no password for many commands (including /bin/sh and /bin/bash).

CVE-2022-2105

Client-side JavaScript controls may be bypassed to change user credentials and permissions without authentication, including a “root” user level meant only for the vendor. Web server root level acce ...

CVE-2022-2119

OFFIS DCMTK's (All versions prior to 3.6.7) service class provider (SCP) is vulnerable to path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled names. T ...

CVE-2022-2120

OFFIS DCMTK's (All versions prior to 3.6.7) service class user (SCU) is vulnerable to relative path traversal, allowing an attacker to write DICOM files into arbitrary directories under controlled nam ...

CVE-2022-1747

The authentication mechanism used by voters to activate a voting session on the tested version of Dominion Voting Systems ImageCast X is susceptible to forgery. An attacker could leverage this vulnera ...
