漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
漏洞
N/A
漏洞信息
Due to missing authorization checks, any authenticated user is able to list, upload, or delete attachments to password safe entries in Pleasant Password Server before 7.8.3. To perform those actions on an entry, the user needs to know the corresponding "CredentialId" value, which uniquely identifies a password safe entry. Since "CredentialId" values are implemented as GUIDs, they are hard to guess. However, if for example an entry's owner grants read-only access to a malicious user, the value gets exposed to the malicious user. The same holds true for temporary grants.
漏洞信息
N/A
漏洞
N/A
漏洞
Pleasant Password Server 安全漏洞
漏洞信息
Pleasant Password Server是加拿大Pleasant Solutions公司的一款多用户密码管理器。 Pleasant Password Server 7.8.3之前版本中存在安全漏洞,该漏洞源于程序没有进行权限检测。攻击者可借助相应的‘CredentialId’值利用该漏洞列出、上传或删除附件。
漏洞信息
N/A
漏洞
N/A