Lucene search
+L

198 matches found

NVD
NVD
added 2022/11/09 9:15 p.m.25 views

CVE-2022-43031

DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords...

8.8CVSS0.00528EPSS
Exploits1References2
Prion
Prion
added 2022/11/09 9:15 p.m.21 views

Cross site request forgery (csrf)

DedeCMS v6.1.9 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add Administrator accounts and modify Admin passwords...

6.8CVSS8.8AI score0.00528EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2022/08/29 3:15 p.m.3 views

DEBIAN-CVE-2022-0336

The Samba AD DC includes checks when adding service principals names SPNs to an account to ensure that SPNs do not alias with those already in the database. Some of these checks are able to be bypassed if an account modification re-adds an SPN that was previously present on that account, such as...

8.8CVSS7.5AI score0.01301EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2022/08/26 1:15 p.m.5 views

CVE-2021-39394

mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery CSRF which allows attackers to arbitrarily add user accounts and modify user information...

6.5CVSS6.6AI score0.00287EPSS
Exploits1References2
NVD
NVD
added 2022/08/22 3:15 p.m.16 views

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

6.3CVSS0.00399EPSS
Exploits0References1
OSV
OSV
added 2022/08/22 3:15 p.m.8 views

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

5.3CVSS5.8AI score0.00399EPSS
Exploits0References1
Prion
Prion
added 2022/08/22 3:15 p.m.31 views

Default credentials

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

5CVSS5.3AI score0.00399EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2022/08/22 2:41 p.m.38 views

CVE-2022-34774 Tabit - Arbitrary account modification

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

6.3CVSS6.5AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2022/08/22 2:41 p.m.72 views

CVE-2022-34774

The CVE-2022-34774 entry concerns Tabit software where an endpoint mapped by a tiny URL allows modification of a user’s personal details (e.g., email, phone) in a restaurant loyalty program. The underlying issue enables potential account takeover, since altering the email could enable password re...

6.3CVSS5.4AI score0.00399EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.6 views

PT-2022-22325 · Tabit · Tabit

Name of the Vulnerable Software and Affected Versions: Tabit affected versions not specified Description: The issue allows for arbitrary account modification. An endpoint mapped by a tiny URL permits an adversary to modify personal details, such as email addresses and phone numbers, of a specific...

6.3CVSS5.2AI score0.00399EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/08/18 8:15 p.m.6 views

CVE-2022-2568

A privilege escalation flaw was found in the Ansible Automation Platform. This flaw allows a remote authenticated user with 'change user' permissions to modify the account settings of the superuser account and also remove the superuser privileges...

6.5CVSS6.7AI score0.00769EPSS
Exploits1References5
ATTACKERKB
ATTACKERKB
added 2022/08/17 11:14 a.m.3 views

CVE-2022-34774

Tabit - Arbitrary account modification. One of the endpoints mapped by the tiny URL, was a page where an adversary can modify personal details, such as email addresses and phone numbers of a specific user in a restaurant's loyalty program. Possibly allowing account takeover the mail can be used t...

6.3CVSS5.9AI score0.00399EPSS
Exploits0References2Affected Software1
Github Security Blog
Github Security Blog
added 2022/08/05 12:0 a.m.30 views

Apache JSPWiki CSRF due to crafted invocation on the Image plugin

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

8.8CVSS8.6AI score0.01093EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2022/08/04 7:15 a.m.19 views

Cross site request forgery (csrf)

A carefully crafted invocation on the Image plugin could trigger an CSRF vulnerability on Apache JSPWiki before 2.11.3, which could allow a group privilege escalation of the attacker's account. Further examination of this issue established that it could also be used to modify the email associated...

6.8CVSS8.9AI score0.01093EPSS
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2022/07/27 9:15 p.m.4 views

CVE-2022-36954

In Veritas NetBackup OpsCenter, under specific conditions, an authenticated remote attacker may be able to create or modify OpsCenter user accounts. This affects 8.x through 8.3.0.2, 9.x through 9.0.0.1, 9.1.x through 9.1.0.1, and 10...

9.9CVSS5.8AI score0.00832EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/07/27 12:0 a.m.4 views

Veritas NetBackup 安全漏洞

Veritas NetBackup is a storage service from Veritas, Inc. that is used to provide backup and recovery capabilities for enterprise environments. The software supports ransomware detection and backup protection of environmental data such as metadata and virtual environments. A security vulnerabilit...

9.9CVSS6.6AI score0.00832EPSS
Exploits0References2
OSV
OSV
added 2022/05/14 2:42 a.m.5 views

GHSA-5P54-JJ38-3HXJ Apache Archiva does not require entry of the administrator's password at the time of modifying a user account

Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a 1 unattended...

6.9CVSS7.3AI score0.02016EPSS
Exploits0References6
Github Security Blog
Github Security Blog
added 2022/05/14 2:42 a.m.7 views

Apache Archiva does not require entry of the administrator's password at the time of modifying a user account

Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a 1 unattended...

6.8CVSS7.8AI score0.02016EPSS
Exploits0References6Affected Software1
Prion
Prion
added 2022/03/20 7:15 p.m.12 views

Authorization

TMS v2.28.0 contains an insecure permissions vulnerability via the component /TMS/admin/user/Update2. This vulnerability allows attackers to modify the administrator account and password...

4.3CVSS5.7AI score0.00739EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2022/02/15 11:15 p.m.13 views

Cross site request forgery (csrf)

A Cross-Site Request Forgery CSRF in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses...

4.3CVSS6.5AI score0.00484EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder