Lucene search
+L

198 matches found

CNVD
CNVD
added 2015/06/09 12:0 a.m.4 views

ZOHO NetFlow Analyzer Authentication Bypass Vulnerability

ZOHO NetFlow Analyzer is a set of network traffic analysis software. The software provides bandwidth monitoring and flow analysis, network forensics and security analysis. A security vulnerability exists in ZOHO NetFlow Analyzer due to a failure of the program to perform administrator...

7.5CVSS6.8AI score0.03409EPSS
Exploits0References1
seebug.org
seebug.org
added 2014/10/28 12:0 a.m.20 views

ShopBuilder 5.6.1 /module/patment/admin/bank_account_mod.php SQL注入漏洞

No description provided by source. !/usr/bin/env python coding=utf-8 import re import urllib2 from comm import cmdline from comm import generic pocinfo = 'VulId': '1567', 'Name': 'ShopBuilder 5.6.1 /module/patment/admin/bankaccountmod.php SQL注入漏洞 POC', 'AppName': 'ShopBuilder', 'AppPowerLink':...

7.1AI score
Exploits0
Prion
Prion
added 2014/07/15 2:55 p.m.13 views

Design/Logic Flaw

Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action...

6.8CVSS7.3AI score0.03744EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2014/07/15 2:0 p.m.25 views

CVE-2014-4963

Shopizer 1.1.5 and earlier allows remote attackers to modify the account settings of arbitrary users via the customer.customerId parameter to shop/profile/register.action...

6.8AI score0.03744EPSS
Exploits0References2
0day.today
0day.today
added 2014/06/14 12:0 a.m.19 views

ZeroCMS 1.0 - zero_transact_user.php, Handling Privilege Escalation

Exploit for php platform in category web applications import sys,getopt,cookielib,urllib2,urllib ZeroCMS 1.0 zerotransactuser.php Impropper Form post hanling, parameter polution Vendor: Another Awesome Stuff Product web page: http://www.aas9.in/zerocms/ author: email protected Tested on: php 5.4....

7.1AI score
Exploits0
NVD
NVD
added 2014/03/02 5:55 p.m.23 views

CVE-2014-2033

The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...

7.9CVSS6.3AI score0.01053EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2014/03/02 5:55 p.m.4 views

CVE-2014-2033

The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...

7.9CVSS5.6AI score0.01053EPSS
Exploits1References3
Prion
Prion
added 2014/03/02 5:55 p.m.20 views

Design/Logic Flaw

The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification ...

7.9CVSS6.8AI score0.01053EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2013/12/09 11:0 a.m.43 views

CVE-2013-6171

checkpassword-reply in Dovecot before 2.2.7 performs setuid operations to a user who is authenticating, which allows local users to bypass authentication and access virtual email accounts by attaching to the process and using a restricted file descriptor to modify account information in the...

5.8CVSS7.5AI score0.01457EPSS
Exploits0
Packet Storm
Packet Storm
added 2013/07/11 12:0 a.m.18 views

PrestaShop 1.5.4 Cross Site Request Forgery

View online: http://demo-store.prestashop.com/en/ Advisory ID: PRESTASHOP Version: 1.5.4 Date: 2013-July-11 Security risk: Moderately critical 2 Exploitable from: Remote Vulnerability: Cross Site Request Forgery -------- DESCRIPTION --------------------------------------------------------- With...

0.6AI score
Exploits0
Prion
Prion
added 2012/10/04 7:55 p.m.15 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the web interface in Cerberus FTP Server before 5.0.5.0 allow remote attackers to hijack the authentication of administrators for requests that 1 add a user account or 2 reconfigure the state of the FTP service, as demonstrated by a...

6.8CVSS7.8AI score0.01167EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2011/06/06 7:55 p.m.16 views

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

5.5CVSS6.3AI score0.01579EPSS
Exploits0References7
UbuntuCve
UbuntuCve
added 2011/06/06 7:55 p.m.20 views

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

5.5CVSS6AI score0.01579EPSS
Exploits0References2
Cvelist
Cvelist
added 2011/06/06 7:0 p.m.22 views

CVE-2011-1950

plone.app.users in Plone 4.0 and 4.1 allows remote authenticated users to modify the properties of arbitrary accounts via unspecified vectors, as exploited in the wild in June 2011...

6.3AI score0.01579EPSS
Exploits0References7
myhack58
myhack58
added 2011/01/08 12:0 a.m.19 views

EasyTalk microblogging arbitrarily modify account vulnerability-vulnerability warning-the black bar safety net

Author: mind Vulnerability found in the latest version 5.01 the old version not the source code I do not know whether there Then again..look at the code...... See the file catalog file op.php ? php include'common.inc.php'; //load global variable $op = $GET'op'?$ GET'op':'login'; // because the...

0.7AI score
Exploits0
Cvelist
Cvelist
added 2010/12/06 8:0 p.m.23 views

CVE-2010-4408

Apache Archiva 1.0 through 1.0.3, 1.1 through 1.1.4, 1.2 through 1.2.2, and 1.3 through 1.3.1 does not require entry of the administrator's password at the time of modifying a user account, which makes it easier for context-dependent attackers to gain privileges by leveraging a 1 unattended...

6.9AI score0.02016EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2009/08/24 12:0 a.m.45 views

Cuteflow 2.10.3 - 'edituser.php' Security Bypass

It's possible edit the users including the admin account, bypassing the authentication through the address: http://localhost/cuteflow/pages/edituser.php?userid=1&language=pt&sortby=st rLastName&sortdir=ASC&start=1 The vulnerability is caused due to the application not properly restricting access ...

7AI score
Exploits0
Cvelist
Cvelist
added 2009/05/22 6:0 p.m.17 views

CVE-2009-1767

admin/edituser.php in 2daybiz Template Monster Clone does not require administrative authentication, which allows remote attackers to modify arbitrary accounts via the 1 loginname, 2 password, 3 email, 4 firstname, or 5 lastname parameter...

6.8AI score0.02084EPSS
Exploits1References4
securityvulns
securityvulns
added 2008/05/22 12:0 a.m.55 views

Cisco Voice Portal privilege escalation

User granted administrator privileges can modify accounts of superusers...

9CVSS4.6AI score0.02957EPSS
Exploits1References1Affected Software1
seebug.org
seebug.org
added 2007/12/18 12:0 a.m.29 views

Apple Mac OS X Keychain安全绕过漏洞

BUGTRAQ ID: 26877 CVE ID:CVE-2007-5862 CNCVE ID:CNCVE-20075862 Apple Mac OS X是一款商业性质的基于BSD的操作系统。 Apple Mac OS X在执行部分操作时不正确验证用户信任信息,远程攻击者可以利用漏洞进行安全绕过攻击,修改其他用户帐户等操作。 Keychain升级的访问检查可绕过,特定构建的JAVA APPLET可增加或删除用户keychain中的项目而不对用户进行任何提示操作。可能导致修改其他用户帐户等攻击。 Apple Mac OS X Server 10.4.11 Apple Mac OS X...

9.4CVSS6.4AI score0.02656EPSS
Exploits2
Rows per page
Query Builder